Certleader - 100% Valid and Newest Version SSCP Questions & Answers shared by Certleader 
Leader of IT Certifications 
https://www.certleader.com/SSCP-dumps.html (1074 Q&As) 


SSCP Dumps 


System Security Certified Practitioner (SSCP) 


https://www.certleader.com/SSCP-dumps.html 


Questions 


The Leader of IT Certification visit - https://www.certleader.com 


NEW QUESTION 1 
- (Topic 1) 
Controlling access to information systems and associated networks is necessary for the preservation of their: 


A. Authenticity, confidentiality and availability 

B. Confidentiality, integrity, and availability. 

C. integrity and availability. 

D. authenticity confidentiality, integrity and availability. 


Answer: B 


Explanation: 
Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity and availability. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 31. 


NEW QUESTION 2 
- (Topic 1) 
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is: 


A. concern that the laser beam may cause eye damage 

B. the iris pattern changes as a person grows older. 

C. there is a relatively high rate of false accepts. 

D. the optical unit must be positioned so that the sun does not shine into the aperture. 


Answer: D 


Explanation: 

Because the optical unit uses a camera and infrared light to create the images, sunlight can impact the aperture, so it must not be positioned in direct light of any type. Because the subject does not need to have direct contact with the optical reader, direct light can impact the reader. 

Iris recognition is a form of biometrics that is based on the uniqueness of a subject's iris. A camera-like device records the patterns of the iris, creating what is known as an Iriscode. 

It is the unique patterns of the iris that allow it to be one of the most accurate forms of biometric identification of an individual. Unlike other types of biometrics, the iris rarely changes over time. Fingerprints can change over time due to scarring and manual labor, voice patterns can change due to a variety of causes, and hand geometry can also change. But barring surgery or an accident it is not usual for an iris to change. The subject has a high-resolution image taken of their iris and this is then converted to an Iriscode. The current standard for the Iriscode was developed by John Daugman. When the subject attempts to be authenticated, an infrared light is used to capture the iris image and this image is then compared to the Iriscode. If there is a match the subject's identity is confirmed. The subject does not need to have direct contact with the optical reader, so it is a less invasive means of authentication than retinal scanning would be. 

Reference(s) used for this question: 
AIO, 3rd edition, Access Control, p 134. 
AIO, 4th edition, Access Control, p 182. 
Wikipedia - http://en.wikipedia.org/wiki/Iris_recognition 

The following answers are incorrect: 

concern that the laser beam may cause eye damage. The optical readers do not use lasers, so concern that the laser beam may cause eye damage is not an issue. 

the iris pattern changes as a person grows older. The question asked about the physical installation of the scanner, so this was not the best answer. If the question had been about long-term problems then it could have been the best choice. Recent research has shown that irises actually do change over time: http://www.nature.com/news/ageing-eyes-hinder-biometric-scans-1.10722 

there is a relatively high rate of false accepts. Since the advent of the Iriscode there is a very low rate of false accepts; in fact the algorithm used has never had a false match. This all depends on the quality of the equipment used, but because of the uniqueness of the iris, even when comparing identical twins, iris patterns are unique. 


NEW QUESTION 3 
- (Topic 1) 
What refers to legitimate users accessing networked services that would normally be restricted to them? 


A. Spoofing 

B. Piggybacking 

C. Eavesdropping 

D. Logon abuse 


Answer: D 


Explanation: 

Unauthorized access of restricted network services by the circumvention of security access controls is known as logon abuse. This type of abuse refers to users who may be internal to the network but access resources they would not normally be allowed. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 74). 


NEW QUESTION 4 
- (Topic 1) 
What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values? 


A. Mandatory model 

B. Discretionary model 

C. Lattice model 

D. Rule model 


Answer: C 


Explanation: 

In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values. 

Reference(s) used for this question: 
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34. 


NEW QUESTION 5 
- (Topic 1) 
What is the most critical characteristic of a biometric identifying system? 


A. Perceived intrusiveness 

B. Storage requirements 

C. Accuracy 

D. Scalability 


Answer: C 


Explanation: 

Accuracy is the most critical characteristic of a biometric identifying verification system. 

Accuracy is measured in terms of false rejection rate (FRR, or type I errors) and false acceptance rate (FAR, or type II errors). 

The Crossover Error Rate (CER) is the point at which the FRR equals the FAR and has become the most important measure of biometric system accuracy. 
Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 1, Biometric 
Identification (page 9). 


NEW QUESTION 6 
- (Topic 1) 
The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? 


A. clipping level 
B. acceptance level 
C. forgiveness level 
D. logging level 


Answer: A 


Explanation: 

The correct answer is "clipping level". This is the point at which a system decides to take some sort of action when an action repeats a preset number of times. That action may be to log the activity, lock a user account, temporarily close a port, etc. 

Example: The most classic example of a clipping level is failed login attempts. If you have a system configured to lock a user's account after three failed login attempts, that is the "clipping level". 

The other answers are not correct because: 

Acceptance level, forgiveness level, and logging level are nonsensical terms that do not exist (to my knowledge) within network security. 

Reference: 

Official ISC2 Guide - The term "clipping level" is not in the glossary or index of that book. I cannot find it in the text either. However, I'm quite certain that it would be considered part of the CBK, despite its exclusion from the Official Guide. 

All-in-One, Third Edition, pages 136 - 137 
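To make the failed-login example concrete, here is an added Python example (not from the source, and not any vendor's product code) of a monitor that applies a clipping level to an authentication log. The log format, the sample lines, the three-failure level and the 600-second forgiveness window are constructed assumptions; failures below the level are forgiven (a later success clears them), and reaching the level produces a violation record and locks the account.

```python
"""Clipping-level monitor for failed logins (added example, not from the source).

Assumptions (constructed for this example): log lines look like
"<epoch-seconds> <username> <FAIL|OK>"; the clipping level is 3 failures
inside a 600-second window; reaching it produces a violation record and
locks the account.
"""
import re
from collections import defaultdict, deque

LOG_LINE = re.compile(r"^(?P<ts>\d+)\s+(?P<user>\S+)\s+(?P<result>FAIL|OK)$")

# Constructed sample authentication log.
SAMPLE_LOG = """\
1000 alice FAIL
1005 alice FAIL
1010 bob FAIL
1020 alice OK
1100 bob FAIL
1150 bob FAIL
1160 bob FAIL
1170 bob OK
2000 carol FAIL
2500 carol FAIL
3000 carol FAIL
"""


class ClippingLevelMonitor:
    """Counts failures per user; below the clipping level they are forgiven."""

    def __init__(self, clipping_level=3, window_seconds=600):
        self.clipping_level = clipping_level
        self.window = window_seconds
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked = set()
        self.violations = []                 # (timestamp, user, failure_count)

    def _prune(self, user, now):
        # Failures older than the window no longer count toward the level.
        q = self.failures[user]
        while q and now - q[0] > self.window:
            q.popleft()

    def observe(self, ts, user, result):
        if user in self.locked:
            return "LOCKED"              # even a correct password is refused
        if result == "OK":
            self.failures[user].clear()  # success below the level: nothing recorded
            return "ALLOW"
        self._prune(user, ts)
        self.failures[user].append(ts)
        if len(self.failures[user]) >= self.clipping_level:
            self.locked.add(user)
            self.violations.append((ts, user, len(self.failures[user])))
            return "VIOLATION"
        return "BELOW_LEVEL"


def process_log(text, clipping_level=3, window_seconds=600):
    """Return (violation records, per-line outcomes) for a log in the format above."""
    monitor = ClippingLevelMonitor(clipping_level, window_seconds)
    outcomes = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue                     # ignore lines that do not match the format
        outcomes.append((m["user"], monitor.observe(int(m["ts"]), m["user"], m["result"])))
    return monitor.violations, outcomes


if __name__ == "__main__":
    violations, outcomes = process_log(SAMPLE_LOG)
    for record in violations:
        print("violation record:", record)
    for user, outcome in outcomes:
        print(user, outcome)
```

In the sample, alice's two failures are forgiven by her later success, carol's three failures are spread wider than the window and never reach the level, and only bob produces a violation record; lowering the level to 2 makes alice the first to trip it.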


NEW QUESTION 7 
- (Topic 1) 
Which of the following is NOT a type of motion detector? 


A. Photoelectric sensor 

B. Passive infrared sensors 

C. Microwave Sensor 

D. Ultrasonic Sensor 


Answer: A 


Explanation: 

A photoelectric sensor does not "directly" sense motion; there is a narrow beam that won't set off the sensor unless the beam is broken. Photoelectric sensors, along with dry contact switches, are a type of perimeter intrusion detector. 

All of the other answers are valid types of motion detectors. 

The content below on the different types of sensors is from Wikipedia: 

Indoor Sensors 

These types of sensors are designed for indoor use. Outdoor use would not be advised due to false alarm vulnerability and weather durability. 

Passive infrared detectors 

(Figure: Passive Infrared Sensor) 

The passive infrared detector (PIR) is one of the most common detectors found in household and small business environments because it offers affordable and reliable functionality. The term passive means the detector is able to function without the need to generate and radiate its own energy (unlike ultrasonic and microwave volumetric intrusion detectors that are "active" in operation). PIRs are able to distinguish if an infrared emitting object is present by first learning the ambient temperature of the monitored space and then detecting a change in the temperature caused by the presence of an object. Using the principle of differentiation, which is a check of presence or nonpresence, PIRs verify if an intruder or object is actually there. Creating individual zones of detection where each zone comprises one or more layers can achieve differentiation. Between the zones there are areas of no sensitivity (dead zones) that are used by the sensor for comparison. 

Ultrasonic detectors 

Using frequencies between 15 kHz and 75 kHz, these active detectors transmit ultrasonic sound waves that are inaudible to humans. The Doppler shift principle is 
the underlying method of operation, in which a change in frequency is detected due to object motion. This is caused when a moving object changes the frequency 
of sound waves around it. Two conditions must occur to successfully detect a Doppler shift event: 

There must be motion of an object either towards or away from the receiver. 

The motion of the object must cause a change in the ultrasonic frequency to the receiver relative to the transmitting frequency. 

The ultrasonic detector operates by the transmitter emitting an ultrasonic signal into the area to be protected. The sound waves are reflected by solid objects (such as the surrounding floor, walls and ceiling) and then detected by the receiver. Because ultrasonic waves are transmitted through air, hard-surfaced objects tend to reflect most of the ultrasonic energy, while soft surfaces tend to absorb most energy. 

When the surfaces are stationary, the frequency of the waves detected by the receiver will be equal to the transmitted frequency. However, a change in frequency 
will occur as a result of the Doppler principle, when a person or object is moving towards or away from the detector. Such an event initiates an alarm signal. This 
technology is considered obsolete by many alarm professionals, and is not actively installed. 

Microwave detectors 

This device emits microwaves from a transmitter and detects any reflected microwaves or reduction in beam intensity using a receiver. The transmitter and 
receiver are usually combined inside a single housing (monostatic) for indoor applications, and separate housings (bistatic) for outdoor applications. To reduce 
false alarms this type of detector is usually combined with a passive infrared detector or "Dualtec" alarm. 

Microwave detectors respond to a Doppler shift in the frequency of the reflected energy, by a phase shift, or by a sudden reduction of the level of received energy. 
Any of these effects may indicate motion of an intruder. 

Photo-electric beams 

Photoelectric beam systems detect the presence of an intruder by transmitting visible or infrared light beams across an area, where these beams may be 
obstructed. To improve the detection surface area, the beams are often employed in stacks of two or more. However, if an intruder is aware of the technology's 
presence, it can be avoided. The technology can be an effective long-range detection system, if installed in stacks of three or more where the transmitters and 
receivers are staggered to create a fence-like barrier. Systems are available for both internal and external applications. To prevent a clandestine attack using a 
secondary light source being used to hold the detector in a 'sealed' condition whilst an intruder passes through, most systems use and detect a modulated light 
source. 

Glass break detectors 

The glass break detector may be used for internal perimeter building protection. When glass breaks it generates sound in a wide band of frequencies. These can 
range from infrasonic, which is below 20 hertz (Hz) and can not be heard by the human ear, through the audio band from 20 Hz to 20 kHz which humans can hear, 
right up to ultrasonic, which is above 20 kHz and again cannot be heard. Glass break acoustic detectors are mounted in close proximity to the glass panes and 
listen for sound frequencies associated with glass breaking. Seismic glass break detectors are different in that they are installed on the glass pane. When glass 
breaks it produces specific shock frequencies which travel through the glass and often through the window frame and the surrounding walls and ceiling. Typically, 
the most intense frequencies generated are between 3 and 5 kHz, depending on the type of glass and the presence of a plastic interlayer. Seismic glass break 
detectors "feel" these shock frequencies and in turn generate an alarm condition. 

The more primitive detection method involves gluing a thin strip of conducting foil on the inside of the glass and putting low-power electrical current through it. 
Breaking the glass is practically guaranteed to tear the foil and break the circuit. 

Smoke, heat, and carbon monoxide detectors 


(Figure: Heat Detection System) 

Most systems may also be equipped with smoke, heat, and/or carbon monoxide detectors. These are also known as 24 hour zones (which are on at all times). 
Smoke detectors and heat detectors protect from the risk of fire and carbon monoxide detectors protect from the risk of carbon monoxide. Although an intruder 
alarm panel may also have these detectors connected, it may not meet all the local fire code requirements of a fire alarm system. 

Other types of volumetric sensors could be: 

Active Infrared 
Passive Infrared/Microwave combined 
Radar 
Acoustical Sensor/Audio 
Vibration Sensor (seismic) 
Air Turbulence 


NEW QUESTION 8 
- (Topic 1) 
Which one of the following authentication mechanisms creates a problem for mobile users? 


A. Mechanisms based on IP addresses 
B. Mechanism with reusable passwords 
C. one-time password mechanism. 
D. challenge response mechanism. 


Answer: A 


Explanation: 

Anything based on a fixed IP address would be a problem for mobile users because their location and its associated IP address can change from one time to the next. Many providers will assign a new IP every time the device is restarted. For example, consider an insurance adjuster using a laptop to file claims online: he goes to a different client each time, and the address changes every time he connects to the ISP. 

NOTE FROM CLEMENT: 

The term MOBILE in this case is synonymous with Road Warriors, where a user is constantly traveling and changing location. With smartphones today that may not be an issue, but it would be an issue for laptops or WIFI tablets. Within a carrier network the IP will tend to be the same and would change rarely. So this question is more applicable to devices that are not cellular devices, but in some cases this issue could affect cellular devices as well. 

The following answers are incorrect: 

mechanism with reusable password. This is incorrect because a reusable password mechanism would not present a problem for mobile users. They are the least secure and change only at specific intervals. 

one-time password mechanism. This is incorrect because a one-time password mechanism would not present a problem for mobile users. Many are based on a 
clock and not on the IP address of the user. 

challenge response mechanism. This is incorrect because challenge response mechanism would not present a problem for mobile users. 


NEW QUESTION 9 
- (Topic 1) 
What does the Clark-Wilson security model focus on? 


A. Confidentiality 

B. Integrity 

C. Accountability 

D. Availability 


Answer: B 


Explanation: 

The Clark-Wilson model addresses integrity. It incorporates mechanisms to enforce internal and external consistency, a separation of duty, and a mandatory 
integrity policy. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 205). 


NEW QUESTION 10 
- (Topic 1) 
Which access control type has a central authority that determines to what objects the subjects have access, based on role or on the organizational security policy? 


A. Mandatory Access Control 

B. Discretionary Access Control 

C. Non-Discretionary Access Control 

D. Rule-based Access control 


Answer: C 


Explanation: 

Non-Discretionary Access Control includes Role Based Access Control (RBAC) and Rule Based Access Control (RBAC or RUBAC). RBAC being a subset of NDAC, it was easy to eliminate RBAC as it was covered under NDAC already. 

Some people think that RBAC is synonymous with NDAC, but RUBAC would also fall into this category. 

Discretionary Access Control is for environments with a very low level of security. There is no control on the dissemination of the information. A user who has access to a file can copy the file or further share it with other users. 

Rule Based Access Control is when you have ONE set of rules applied uniformly to all users. A good example would be a firewall at the edge of your network. A single rule base is applied against any packets received from the internet. 

Mandatory Access Control is a very rigid type of access control. The subject must dominate the object and the subject must have a Need To Know to access the information. Objects have labels that indicate the sensitivity (classification) and there are also categories to enforce the Need To Know (NTK). 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 
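The lattice model of Question 4 and the "subject must dominate the object, with categories for need-to-know" rule of the Mandatory Access Control description above are two views of the same structure, so one added Python example (written for this page, not from the source or any product) serves both. A label is a classification level plus a set of categories; "dominates" is the lattice ordering, the least upper bound and greatest lower bound are computed for any pair, and the MAC read decision is the dominance test. The level names, categories and subject/object labels are constructed placeholders.

```python
"""Security labels as a lattice (added example; not from the source).

A label is (classification level, set of need-to-know categories); the ordering
is "dominates". Level names and categories here are constructed placeholders.
"""
from dataclasses import dataclass
from typing import FrozenSet

LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]  # low -> high


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def rank(self) -> int:
        return LEVELS.index(self.level)

    def dominates(self, other: "Label") -> bool:
        """self >= other: higher-or-equal level AND every category of other."""
        return self.rank() >= other.rank() and other.categories <= self.categories


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both."""
    return Label(LEVELS[max(a.rank(), b.rank())], a.categories | b.categories)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label dominated by both."""
    return Label(LEVELS[min(a.rank(), b.rank())], a.categories & b.categories)


def comparable(a: Label, b: Label) -> bool:
    """Two labels may be incomparable (neither dominates); the lattice still
    gives them a lub and a glb."""
    return a.dominates(b) or b.dominates(a)


def mac_read_decision(subject: Label, obj: Label) -> str:
    """MAC read check: the subject's clearance must dominate the object's label,
    which covers both the classification and the need-to-know categories."""
    if subject.rank() < obj.rank():
        return "deny: clearance below classification"
    missing = obj.categories - subject.categories
    if missing:
        return "deny: no need-to-know for " + ", ".join(sorted(missing))
    return "allow"


def is_lattice(labels) -> bool:
    """Every pair has a lub above both and a glb below both."""
    for a in labels:
        for b in labels:
            up, down = lub(a, b), glb(a, b)
            if not (up.dominates(a) and up.dominates(b)
                    and a.dominates(down) and b.dominates(down)):
                return False
    return True


if __name__ == "__main__":
    nuclear = Label("SECRET", frozenset({"NUCLEAR"}))
    crypto = Label("CONFIDENTIAL", frozenset({"CRYPTO"}))
    print("comparable:", comparable(nuclear, crypto))
    print("lub:", lub(nuclear, crypto))
    print("glb:", glb(nuclear, crypto))
    analyst = Label("TOP SECRET", frozenset({"NUCLEAR", "CRYPTO"}))
    print(mac_read_decision(analyst, nuclear))
    print(mac_read_decision(Label("TOP SECRET"), nuclear))
```

The second print shows the need-to-know point: a TOP SECRET clearance with no categories is still denied a SECRET object tagged NUCLEAR, because dominance requires the categories as well as the level.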


NEW QUESTION 10 
- (Topic 1) 
The control measures that are intended to reveal the violations of security policy using software and hardware are associated with: 


A. Preventive/physical 

B. Detective/technical 

C. Detective/physical 

D. Detective/administrative 


Answer: B 


Explanation: 

The detective/technical control measures are intended to reveal the violations of security policy using technical means. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35. 


NEW QUESTION 15 
- (Topic 1) 
Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations? 


A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access 
to. 

B. The initial logon process is cumbersome to discourage potential intruders. 

C. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications. 

D. Once a user obtains access to the system through the initial log-on, he has to logout from all other systems 


Answer: A 


Explanation: 
Single Sign-On is a distributed Access Control methodology where an individual only has to authenticate once and would have access to all primary and secondary network domains. The individual would not be required to re-authenticate when they needed additional resources. The security issue that this creates is that if a fraudster is able to compromise those credentials, they too would have access to all the resources that account has access to. 

All the other answers are incorrect as they are distractors. 


NEW QUESTION 16 
- (Topic 1) 
Which of the following would constitute the best example of a password to use for access to a system by a network administrator? 


A. holiday 

B. Christmas12 

C. Jenny 

D. GyN19Za! 


Answer: D 


Explanation: 

GyN19Za! would be the best answer because it contains a mixture of upper and lower case characters, alphabetic and numeric characters, and a special character, making it less vulnerable to password attacks. 

All of the other answers are incorrect because they are vulnerable to brute force or dictionary attacks. Passwords should not be common words or names. The addition of a number to the end of a common word only marginally strengthens it because a common password attack would also check combinations of words: Christmas23, Christmas123, etc. 
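An added Python example (not from the source) of a password-policy check that reproduces the reasoning above: it counts character classes and, separately, strips the digits and punctuation people append to a word to see whether a dictionary word remains, which is exactly the decoration a dictionary attack tries. The word list is a tiny constructed stand-in for a real cracking dictionary, and the 8-character / 3-class thresholds are assumed policy values.

```python
"""Password-policy check illustrating why GyN19Za! passes and the other
options fail (added example; not from the source). The word list is a tiny
constructed stand-in for a real cracking dictionary.
"""
import re
import string

COMMON_WORDS = {"holiday", "christmas", "jenny", "password", "welcome", "summer"}  # constructed
MIN_LENGTH = 8     # assumed policy value
MIN_CLASSES = 3    # assumed policy value, out of: lowercase, uppercase, digit, special


def character_classes(pw):
    """Names of the character classes present in the password."""
    classes = {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }
    return {k for k, present in classes.items() if present}


def dictionary_base(pw):
    """Strip leading/trailing digits and punctuation and lower-case the rest;
    return the dictionary word if that is what remains, else None. This mirrors
    the 'word + digits' rule a dictionary attack applies."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw).lower()
    return core if core in COMMON_WORDS else None


def evaluate(pw):
    """Return ("acceptable" | "weak", list of reasons)."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(character_classes(pw)) < MIN_CLASSES:
        reasons.append(f"fewer than {MIN_CLASSES} character classes")
    base = dictionary_base(pw)
    if base is not None:
        reasons.append(f"dictionary word '{base}' with trivial decoration")
    return ("acceptable" if not reasons else "weak", reasons)


if __name__ == "__main__":
    for candidate in ["holiday", "Christmas12", "Jenny", "GyN19Za!"]:
        print(candidate, evaluate(candidate))
```

Note that Christmas12 satisfies the character-class rule (upper, lower, digit) and still fails, which is the point the explanation makes: composition rules alone do not catch a decorated dictionary word.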


NEW QUESTION 21 
- (Topic 1) 
Which of the following is not a physical control for physical security? 


A. lighting 
B. fences 
C. training 
D. facility construction materials 


Answer: C 


Explanation: 

Some physical controls include fences, lights, locks, and facility construction materials. Some administrative controls include facility selection and construction, 
facility management, personnel controls, training, and emergency response and procedures. 

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 3rd. Ed., Chapter 6, page 403. 


NEW QUESTION 25 
- (Topic 1) 
PINs, passwords, passphrases, tokens, smart cards, and biometric devices are all items that can be used for authentication. When one of the items listed above is used in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following? 


A. Multi-party authentication 
B. Two-factor authentication 
C. Mandatory authentication 
D. Discretionary authentication 


Answer: B 


Explanation: 

Once an identity is established it must be authenticated. There exist numerous technologies and implementation of authentication methods however they almost 
all fall under three major areas. 

There are three fundamental types of authentication: 

Authentication by knowledge: something a person knows 

Authentication by possession: something a person has 

Authentication by characteristic: something a person is 

Logical controls related to these types are called "factors." 

Something you know can be a password or PIN, something you have can be a token fob or smart card, and something you are is usually some form of biometrics. 
Single-factor authentication is the employment of one of these factors, two-factor authentication is using two of the three factors, and three-factor authentication is 
the combination of all three factors. 

The general term for the use of more than one factor during authentication is multifactor authentication or strong authentication. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 2367-2379). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 29 
- (Topic 1) 
Which of the following statements pertaining to biometrics is false? 


A. Increased system sensitivity can cause a higher false rejection rate 

B. The crossover error rate is the point at which false rejection rate equals the false acceptance rate. 

C. False acceptance rate is also known as Type II error. 

D. Biometrics are based on the Type 2 authentication mechanism. 


Answer: D 


Explanation: 

Authentication is based on three factor types: type 1 is something you know, type 2 is something you have and type 3 is something you are. Biometrics are based on the Type 3 authentication mechanism. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 37). 


NEW QUESTION 31 

- (Topic 1) 

In the context of biometric authentication, what is a quick way to compare the accuracy of devices? In general, the device that has the lowest value would be the most accurate. Which of the following would be used to compare accuracy of devices? 


A. the CER is used. 
B. the FRR is used 
C. the FAR is used 
D. the FER is used 


Answer: A 


Explanation: 

Equal error rate or crossover error rate (EER or CER): the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from the ROC curve. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, the device with the lowest EER is most accurate. 

In the context of biometric authentication almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in an airport metal detector, the system becomes increasingly selective and has a higher False Reject Rate (FRR). Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the Crossover Error Rate (CER) is used. 

The following are used as performance metrics for biometric systems: 

false accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. On a similarity scale, if the person is in reality an impostor but the matching score is higher than the threshold, then he is treated as genuine, which increases the FAR; hence performance also depends upon the selection of the threshold value. 

false reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percent of valid inputs which are incorrectly rejected. 

failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input are unsuccessful. This is most commonly caused by low quality inputs. 

failure to capture rate (FTC): within automatic systems, the probability that the system fails to detect a biometric input when presented correctly. 

template capacity: the maximum number of sets of data which can be stored in the system. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 
and 
Wikipedia at: https://en.wikipedia.org/wiki/Biometrics 
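The FAR/FRR/CER definitions above (and the CER definition in Question 5) are easiest to see by sweeping a decision threshold over matcher scores, so here is an added Python example written for this page (not from the source or any biometric vendor). The similarity scores for two hypothetical devices are constructed; the convention that a comparison is accepted when its score is at or above the threshold is an assumption. Raising the threshold is the "increased sensitivity" case: FAR falls and FRR rises, and the CER is read off where the two meet.

```python
"""FAR/FRR threshold sweep and crossover (equal) error rate.
Added example, not from the source; scores below are constructed.
Convention: a comparison is accepted when its similarity score >= threshold.
"""

# Constructed similarity scores in [0, 1]: genuine = same person, impostor = different person.
DEVICE_A = {
    "genuine":  [0.95, 0.90, 0.85, 0.80, 0.70, 0.60, 0.50, 0.40],
    "impostor": [0.05, 0.10, 0.20, 0.30, 0.40, 0.50, 0.60, 0.70],
}
DEVICE_B = {
    "genuine":  [0.99, 0.97, 0.95, 0.93, 0.90, 0.88, 0.85, 0.70],
    "impostor": [0.05, 0.10, 0.15, 0.20, 0.25, 0.30, 0.35, 0.86],
}


def far_frr(genuine, impostor, threshold):
    """FAR = impostors accepted / impostors; FRR = genuine rejected / genuine."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def sensitivity_sweep(genuine, impostor):
    """(threshold, FAR, FRR) for every distinct score. Raising the threshold
    (a more selective system) lowers FAR and raises FRR."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *far_frr(genuine, impostor, t)) for t in thresholds]


def crossover_error_rate(genuine, impostor):
    """Threshold where FAR and FRR are closest, and the CER/EER there.
    With discrete samples the curves may not cross exactly, so the mean of the
    two rates at the closest point is reported."""
    best = None
    for t, far, frr in sensitivity_sweep(genuine, impostor):
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


def rank_devices(devices):
    """Devices sorted from most to least accurate (lowest CER first)."""
    scored = {name: crossover_error_rate(d["genuine"], d["impostor"])[1]
              for name, d in devices.items()}
    return sorted(scored.items(), key=lambda kv: kv[1])


if __name__ == "__main__":
    for name, d in {"A": DEVICE_A, "B": DEVICE_B}.items():
        t, cer = crossover_error_rate(d["genuine"], d["impostor"])
        print(f"device {name}: CER={cer:.3f} at threshold {t}")
    print("ranking:", rank_devices({"A": DEVICE_A, "B": DEVICE_B}))
```

With the constructed scores, device A crosses at threshold 0.6 with CER 0.25 and device B at 0.85 with CER 0.125, so B ranks as the more accurate device even though neither number says anything about the threshold an operator would actually deploy.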


NEW QUESTION 32 
- (Topic 1) 
Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives? 


A. Preventive/Technical Pairing 

B. Preventive/Administrative Pairing 

C. Preventive/Physical Pairing 

D. Detective/Administrative Pairing 


Answer: B 


Explanation: 

Soft Control is another way of referring to Administrative control. 

Technical and Physical controls are NOT soft control, so any choice listing them was not the best answer. 

Preventative/Technical is incorrect because although access control can be a technical control, it is commonly not referred to as a "soft" control. 

Preventative/Administrative is correct because access controls are preventative in nature. It is always best to prevent a negative event; however, there are times where controls might fail and you cannot prevent everything. Administrative controls are roles, responsibilities, policies, etc. which are usually paper based. In the administrative category you would find audit, monitoring, and security awareness as well. 

Preventative/Physical pairing is incorrect because access controls with an emphasis on "soft" mechanisms conflict with the basic concept of physical controls; physical controls are usually tangible objects such as fences, gates, door locks, sensors, etc. 

Detective/Administrative Pairing is incorrect because access control is a preventative control used to control access, not to detect violations to access. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34. 


NEW QUESTION 34 
- (Topic 1) 
What can be defined as a list of subjects along with their access rights that are authorized to access a specific object? 


A. A capability table 

B. An access control list 

C. An access control matrix 

D. A role-based matrix 


Answer: B 


Explanation: 

"It [ACL] specifies a list of users [subjects] who are allowed access to each object" CBK, p. 188 

A capability table is incorrect. "Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user's possession of a capability (or ticket) for the object." CBK, pp. 191-192. The distinction that makes this an incorrect choice is that access is based on possession of a capability by the subject. 

To put it another way, as noted in AIO3 on p. 169, "A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL." 

An access control matrix is incorrect. The access control matrix is a way of describing the rules for an access control strategy. The matrix lists the users, groups and roles down the left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access. CBK pp 317 - 318. 

AIO3, p. 169 describes it as a table of subjects and objects specifying the access rights a certain subject possesses pertaining to specific objects. 

In either case, the matrix is a way of analyzing the access control needed by a population of subjects to a population of objects. This access control can be applied using rules, ACLs, capability tables, etc. 

A role-based matrix is incorrect. Again, a matrix of roles vs objects could be used as a tool for thinking about the access control to be applied to a set of objects. The results of the analysis could then be implemented using RBAC. 

References: 

CBK, Domain 2: Access Control. AIO3, Chapter 4: Access Control 
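The three structures the explanation contrasts are one matrix seen three ways, which an added Python example (written for this page, not from the source or the CBK) makes explicit: the ACL is the column of the access control matrix bound to an object, the capability list is the row bound to a subject, and a decision taken from either projection must agree. The subjects, objects and rights are constructed; the revocation helper shows the operational difference the binding makes.

```python
"""Access control matrix and its two projections (added example, not from the
source): an ACL is the matrix column bound to an object; a capability list is
the matrix row bound to a subject. Subjects, objects and rights are constructed.
"""

# Constructed matrix: subject -> object -> rights. Absent cells mean no access.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "report.doc": {"read"}},
    "bob":   {"report.doc": {"read", "write"}, "printer": {"execute"}},
    "carol": {"printer": {"execute"}},
}
OBJECTS = ["payroll.db", "report.doc", "printer"]


def acl_for(obj):
    """Object-bound view: which subjects may do what to this one object."""
    return {s: set(rights[obj]) for s, rights in MATRIX.items() if rights.get(obj)}


def capability_list_for(subject):
    """Subject-bound view: the 'tickets' this one subject holds."""
    return {o: set(r) for o, r in MATRIX.get(subject, {}).items() if r}


def allowed_via_acl(subject, obj, right):
    """Decision keyed on the list kept at the object."""
    return right in acl_for(obj).get(subject, set())


def allowed_via_capability(subject, obj, right):
    """Decision keyed on what the subject possesses, not on a list at the object."""
    return right in capability_list_for(subject).get(obj, set())


def matrix_sparsity():
    """(cells used, cells available): why a full matrix is rarely stored as-is."""
    filled = sum(1 for rights in MATRIX.values() for r in rights.values() if r)
    return filled, len(MATRIX) * len(OBJECTS)


def revoke_object(obj):
    """Removing an object is one ACL deletion; with capabilities every holder's
    list must be visited. Returns the subjects whose capabilities were touched."""
    return [s for s, rights in MATRIX.items() if rights.pop(obj, None) is not None]


if __name__ == "__main__":
    print("ACL for report.doc:", acl_for("report.doc"))
    print("capabilities of alice:", capability_list_for("alice"))
    print("bob write report.doc:", allowed_via_acl("bob", "report.doc", "write"),
          allowed_via_capability("bob", "report.doc", "write"))
    print("matrix cells used/available:", matrix_sparsity())
```

Both projections answer every (subject, object, right) question identically; what differs is where the data lives and therefore which operations (reviewing one object's access vs. revoking one subject's access) are cheap.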


NEW QUESTION 39 
- (Topic 1) 
In the CIA triad, what does the letter A stand for? 


A. Auditability 
B. Accountability 
C. Availability 
D. Authentication 


Answer: C 


Explanation: 
The CIA triad stands for Confidentiality, Integrity and Availability. 


NEW QUESTION 40 
- (Topic 1) 
A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the following? 


A. Content-dependent access control 

B. Context-dependent access control 

C. Least privileges access control 

D. Ownership-based access control 


Answer: A 


Explanation: 

When access control is based on the content of an object, it is considered to be content-dependent access control. Content-dependent access control is based on 
the content itself. 

The following answers are incorrect: 

Context-dependent access control is incorrect because this type of control is based on what the context is, facts about the data rather than what the object 
contains. 

Least privileges access control is incorrect because this is based on the least amount of rights needed to perform one's job and not on what is contained in the 
database. 

Ownership-based access control is incorrect because this is based on the owner of the data and not on what is contained in the database. 
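An added example (not from the OIG CBK) of the distinction, in Python with an in-memory SQLite table: the content-dependent rule filters salary rows on the department value stored in each row, while a contrasting context-dependent rule decides on the time of the request instead. The departments, manager accounts and business-hours window are constructed for the example:

```python
"""Content-dependent vs. context-dependent access control on a salary table.

Added example, not from the OIG CBK. The employee rows, the manager accounts
and the business-hours rule are constructed.
"""
import sqlite3
from datetime import time
from typing import Dict, List, Tuple

# Constructed principals: each manager is bound to exactly one department.
MANAGERS = {"fin_mgr": "Finance", "eng_mgr": "Engineering"}

# Constructed employee table: (name, department, salary).
ROWS = [
    ("Ann", "Finance", 82000),
    ("Bjorn", "Finance", 71000),
    ("Chen", "Engineering", 95000),
    ("Dara", "Engineering", 88000),
]


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    con.executemany("INSERT INTO employees VALUES (?, ?, ?)", ROWS)
    return con


def content_dependent_read(con: sqlite3.Connection, user: str) -> List[Tuple[str, int]]:
    """Content-dependent control: the decision turns on a value stored *inside*
    the object (the dept column of each row). A manager sees only rows whose
    department equals their own; anyone without a department gets nothing
    (fail closed)."""
    dept = MANAGERS.get(user)
    if dept is None:
        return []
    cur = con.execute(
        "SELECT name, salary FROM employees WHERE dept = ? ORDER BY name", (dept,)
    )
    return cur.fetchall()


def context_dependent_read(con: sqlite3.Connection, user: str, now: time,
                           start: time = time(8, 0), end: time = time(18, 0)
                           ) -> List[Tuple[str, int]]:
    """Context-dependent control: the decision uses facts *about the request*
    (here, the time of day), not the data in the rows. Outside the window the
    whole table is withheld regardless of content; inside it, the
    content-dependent rule still applies."""
    if not (start <= now <= end):
        return []
    return content_dependent_read(con, user)


def demo() -> Dict[str, List[Tuple[str, int]]]:
    """Run the four cases the question contrasts and return the results."""
    con = build_db()
    return {
        "fin_in_hours": context_dependent_read(con, "fin_mgr", time(10, 0)),
        "eng_in_hours": context_dependent_read(con, "eng_mgr", time(10, 0)),
        "eng_after_hours": context_dependent_read(con, "eng_mgr", time(23, 30)),
        "intern": content_dependent_read(con, "intern"),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:<16} {rows}")
```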

References: 

OIG CBK Access Control (page 191) 


NEW QUESTION 42 
- (Topic 1) 
Which of the following attacks could capture network user passwords? 


A. Data diddling 
B. Sniffing 
C. IP Spoofing 
D. Smurfing 


Answer: B 


Explanation: 

A network sniffer captures a copy of every packet that traverses the network segment the sniffer is connected to. 

Sniffers are typically devices that can collect information from a communication medium, such as a network. These devices can range from specialized equipment 
to basic workstations with customized software. 

A sniffer can collect information about most, if not all, attributes of the communication. The most common method of sniffing is to plug a sniffer into an existing 
network device like a hub or switch. A hub (which is designed to relay all traffic passing through it to all of its ports) will automatically begin sending all the traffic on 
that network segment to the sniffing device. On the other hand, a switch (which is designed to limit what traffic gets sent to which port) will have to be specially 
configured to send all traffic to the port where the sniffer is plugged in. 

Another method for sniffing is to use a network tap, a device that literally splits a network transmission into two identical streams: one going to the original network 
destination and the other going to the sniffing device. Each of these methods has its advantages and disadvantages, including cost, feasibility, and the desire to 
maintain the secrecy of the sniffing activity. 

The packets captured by the sniffer are decoded and then displayed by the sniffer. Therefore, if the username/password are contained in a packet or packets traversing 
the segment the sniffer is connected to, it will capture and display that information (and any other information on that segment it can see). 

Of course, if the information is encrypted via a VPN, SSL, TLS, or similar technology, the information is still captured and displayed, but it is in an unreadable 
format. 

The following answers are incorrect: 

Data diddling involves changing data before or as it is entered into a computer, or after it is extracted. 

Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication - or causing a system to respond to the wrong address. 
Smurfing would refer to the smurf attack, where an attacker sends spoofed packets to the broadcast address on a gateway in order to cause a denial of service. 
The following reference(s) were/was used to create this question: CISA Review Manual 2014, page 321 

Official ISC2 Guide to the CISSP, 3rd edition, page 153 


NEW QUESTION 43 
- (Topic 1) 
Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the 
amount and impact of unintentional errors that are entering the system? 


A. Detective Controls 
B. Preventative Controls 
C. Corrective Controls 
D. Directive Controls 


Answer: B 


Explanation: 

In the Operations Security domain, Preventative Controls are designed to prevent unauthorized intruders from internally or externally accessing the system, and to 
lower the amount and impact of unintentional errors that are entering the system. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: 
Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 217. 


NEW QUESTION 47 
- (Topic 1) 
Which of the following choices describes challenge-response token generation? 


A. A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN. 
B. A workstation or system that generates a random login id that the user enters when prompted along with the proper PIN. 
C. A special hardware device that is used to generate random text in a cryptography system. 
D. The authentication mechanism in the workstation or system does not determine if the owner should be authenticated. 


Answer: A 


Explanation: 

Challenge-response tokens are: 

- A workstation or system generates a random challenge string and the owner enters the string into the token along with the proper PIN. 

- The token generates a response that is then entered into the workstation or system. 

- The authentication mechanism in the workstation or system then determines if the owner should be authenticated. 
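The three steps above as an added Python example, not the Prep Guide's or AIO's code: the host issues a one-time random challenge, the token derives its response from a device secret mixed with the PIN, and the host recomputes and compares in constant time. The HMAC-based derivation, the 8-digit response length and the sample secret are assumptions made for the example:

```python
"""Challenge-response token exchange between a host and a handheld token.

Added example, not from the CISSP Prep Guide or the AIO. The key derivation,
response length and sample secrets are constructed for illustration.

  1. The host generates a random challenge and shows it to the user.
  2. The user keys the challenge and PIN into the token, which computes a
     response from its stored device secret.
  3. The user types the response into the host, which recomputes and compares.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

RESPONSE_DIGITS = 8  # hex digits a user can reasonably type by hand


def derive_key(device_secret: bytes, pin: str) -> bytes:
    """Mix the PIN into the key, so a stolen token alone cannot answer a challenge."""
    return hashlib.sha256(device_secret + pin.encode()).digest()


def compute_response(key: bytes, challenge: str) -> str:
    """Response = truncated HMAC over the challenge. A different challenge gives
    an unrelated response, which is what makes a captured response useless."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()
    return mac[:RESPONSE_DIGITS]


class Token:
    """The handheld device: holds a per-device secret that never leaves it."""

    def __init__(self, device_secret: bytes):
        self._secret = device_secret

    def respond(self, challenge: str, pin: str) -> str:
        return compute_response(derive_key(self._secret, pin), challenge)


class Host:
    """Workstation / authentication server side of the exchange."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}      # user -> derived key
        self._pending: Dict[str, str] = {}     # user -> outstanding challenge

    def enroll(self, user: str, device_secret: bytes, pin: str) -> None:
        # Store only the derived key, never the raw secret or the PIN itself.
        self._keys[user] = derive_key(device_secret, pin)

    def challenge(self, user: str) -> str:
        c = secrets.token_hex(4)  # 8 random hex digits, fresh per attempt
        self._pending[user] = c
        return c

    def verify(self, user: str, response: str) -> bool:
        # pop(): each challenge is single use, so replaying an old response fails.
        c: Optional[str] = self._pending.pop(user, None)
        key = self._keys.get(user)
        if c is None or key is None:
            return False
        return hmac.compare_digest(compute_response(key, c), response)


def demo() -> Dict[str, bool]:
    """Walk through a good login, a replayed response, and a wrong PIN."""
    secret = b"constructed-device-secret-0001"   # constructed sample value
    host, token = Host(), Token(secret)
    host.enroll("alice", secret, "4711")

    c1 = host.challenge("alice")
    r1 = token.respond(c1, "4711")
    good = host.verify("alice", r1)
    replay = host.verify("alice", r1)            # same response presented again

    c2 = host.challenge("alice")
    wrong_pin = host.verify("alice", token.respond(c2, "0000"))
    return {"good": good, "replay": replay, "wrong_pin": wrong_pin}


if __name__ == "__main__":
    print(demo())
```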

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 
Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 136-137). 


NEW QUESTION 48 

- (Topic 1) 

This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered 
suspicious? 


A. Checkpoint level 
B. Ceiling level 
C. Clipping level 
D. Threshold level 


Answer: C 


Explanation: 

Organizations usually forgive a particular type, number, or pattern of violations, thus permitting a predetermined number of user errors before gathering this data 
for analysis. An organization attempting to track all violations, without sophisticated statistical computing ability, would be unable to manage the sheer quantity of 
such data. To make a violation listing effective, a clipping level must be established. 

The clipping level establishes a baseline for violation activities that may be normal user errors. Only after this baseline is exceeded is a violation record produced. 
This solution is particularly effective for small- to medium-sized installations. Organizations with large-scale computing facilities often track all violations and use 
statistical routines to cull out the minor infractions (e.g., forgetting a password or mistyping it several times). 

If the number of violations being tracked becomes unmanageable, the first step in correcting the problems should be to analyze why the condition has occurred. 
Do users understand how they are to interact with the computer resource? Are the rules too difficult to follow? Violation tracking and analysis can be valuable tools 
in assisting an organization to develop thorough but useable controls. Once these are in place and records are produced that accurately reflect serious violations, 
tracking and analysis become the first line of defense. With this procedure, intrusions are discovered before major damage occurs and sometimes early enough to 
catch the perpetrator. In addition, business protection and preservation are strengthened. 
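An added Python example (not from the Handbook of Information Security Management) of a clipping level applied to login failures: failures at or below the level inside a sliding window are forgiven as user error, and a violation record is produced only once the level is exceeded. The log format, the level of 3 and the 10-minute window are constructed for the example:

```python
"""Clipping level for login failures.

Added example, not from the Handbook of Information Security Management. The
audit log lines, the level and the window are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterator, List, Tuple

CLIPPING_LEVEL = 3            # forgiven failures per user per window
WINDOW = timedelta(minutes=10)

# Constructed audit log: "<ISO timestamp> <user> <LOGIN_OK|LOGIN_FAIL>"
#   carol: two slips then success      -> normal user error, no record
#   dave : five failures in 18 seconds -> exceeds the level, records produced
#   erin : one failure every 15 min    -> each falls outside the window, no record
SAMPLE_LOG = """\
2024-03-01T08:00:05 carol LOGIN_FAIL
2024-03-01T08:00:20 carol LOGIN_FAIL
2024-03-01T08:00:41 carol LOGIN_OK
2024-03-01T09:15:00 dave LOGIN_FAIL
2024-03-01T09:15:04 dave LOGIN_FAIL
2024-03-01T09:15:09 dave LOGIN_FAIL
2024-03-01T09:15:13 dave LOGIN_FAIL
2024-03-01T09:15:18 dave LOGIN_FAIL
2024-03-01T10:40:00 erin LOGIN_FAIL
2024-03-01T10:55:00 erin LOGIN_FAIL
2024-03-01T11:10:00 erin LOGIN_FAIL
2024-03-01T11:25:00 erin LOGIN_FAIL
"""


def parse(log_text: str) -> Iterator[Tuple[datetime, str, str]]:
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event = line.split()
        yield datetime.fromisoformat(ts), user, event


def violations(log_text: str, level: int = CLIPPING_LEVEL,
               window: timedelta = WINDOW) -> List[Tuple[datetime, str, int]]:
    """Return violation records as (timestamp, user, failures_in_window).

    Per user, a sliding window of recent failure times is kept. Failures older
    than `window` drop out, so slow-paced mistakes never accumulate. A record
    is produced only for a failure that pushes the count *above* the level;
    everything at or below it is treated as a forgiven user error. A
    successful login clears the window, since the user evidently recovered.
    """
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    records: List[Tuple[datetime, str, int]] = []
    for ts, user, event in parse(log_text):
        q = recent[user]
        if event == "LOGIN_OK":
            q.clear()
            continue
        while q and ts - q[0] > window:
            q.popleft()
        q.append(ts)
        if len(q) > level:
            records.append((ts, user, len(q)))
    return records


if __name__ == "__main__":
    for ts, user, n in violations(SAMPLE_LOG):
        print(f"{ts.isoformat()} VIOLATION user={user} failures_in_window={n}")
```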

The following answers are incorrect: 

All of the other choices presented were simply distractors. 

The following reference(s) were used for this question: 

Handbook of Information Security Management 


NEW QUESTION 53 

- (Topic 1) 

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such 
as in a biometric authentication system, the system becomes increasingly selective and has the possibility of generating: 


A. Lower False Rejection Rate (FRR) 
B. Higher False Rejection Rate (FRR) 
C. Higher False Acceptance Rate (FAR) 
D. It will not affect either FAR or FRR 


Answer: B 


Explanation: 

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such 
as in a biometric authentication system, the system becomes increasingly selective and has a higher False Rejection Rate (FRR). 

Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the Crossover 
Error Rate (CER) is used. The Crossover Error Rate (CER) is the point at which the false rejection rates and the false acceptance rates are equal. The lower 
the value of the CER, the more accurate the system. 

There are three categories of biometric accuracy measurement (all represented as percentages): 

False Reject Rate (a Type I Error): When authorized users are falsely rejected as unidentified or unverified. 

False Accept Rate (a Type II Error): When unauthorized persons or imposters are falsely accepted as authentic. 

Crossover Error Rate (CER): The point at which the false rejection rates and the false acceptance rates are equal. The smaller the value of the CER, the more 
accurate the system. 

NOTE: 

Within the ISC2 book they make use of the terms Accept or Acceptance and also Reject or Rejection when referring to the types of errors within biometrics. Below 
we make use of Acceptance and Rejection throughout the text for consistency. However, on the real exam you could see either of the terms. 

Performance of biometrics 

Different metrics can be used to rate the performance of a biometric factor, solution or application. The most common performance metrics are the False 
Acceptance Rate FAR and the False Rejection Rate FRR. 

When using a biometric application for the first time the user needs to enroll in the system. The system requests fingerprints, a voice recording or another biometric 
factor from the operator; this input is registered in the database as a template which is linked internally to a user ID. The next time the user wants to authenticate or 
identify himself, the biometric input provided by the user is compared to the template(s) in the database by a matching algorithm which responds with acceptance 
(match) or rejection (no match). 

FAR and FRR 

The FAR or False Acceptance rate is the probability that the system incorrectly authorizes a non-authorized person, due to incorrectly matching the biometric input 
with a valid template. The FAR is normally expressed as a percentage, following the FAR definition this is the percentage of invalid inputs which are incorrectly 
accepted. 

The FRR or False Rejection Rate is the probability that the system incorrectly rejects access to an authorized person, due to failing to match the biometric input 
provided by the user with a stored template. The FRR is normally expressed as a percentage, following the FRR definition this is the percentage of valid inputs 
which are incorrectly rejected. 

FAR and FRR are very much dependent on the biometric factor that is used and on the technical implementation of the biometric solution. Furthermore the FRR is 
strongly person dependent, a personal FRR can be determined for each individual. 

Take this into account when determining the FRR of a biometric solution, one person is insufficient to establish an overall FRR for a solution. Also FRR might 
increase due to environmental conditions or incorrect use, for example when using dirty fingers on a fingerprint reader. Mostly the FRR lowers when a user gains 
more experience in how to use the biometric device or software. 

FAR and FRR are key metrics for biometric solutions; some biometric devices or software even allow them to be tuned so that the system more readily matches or 
rejects. Both FRR and FAR are important, but for most applications one of them is considered most important. Two examples to illustrate this: 

When biometrics are used for logical or physical access control, the objective of the application is to disallow access to unauthorized individuals under all 
circumstances. It is clear that a very low FAR is needed for such an application, even if it comes at the price of a higher FRR. 

When surveillance cameras are used to screen a crowd of people for missing children, the objective of the application is to identify any missing children that come 
up on the screen. When the identification of those children is automated using a face recognition software, this software has to be set up with a low FRR. As such 
a higher number of matches will be false positives, but these can be reviewed quickly by surveillance personnel. 

False Acceptance Rate is also called False Match Rate, and False Rejection Rate is sometimes referred to as False Non-Match Rate. 

[Figure: FAR and FRR plotted against sensitivity (the matching threshold), with the crossover error rate (CER) at the point where the two curves intersect.] 

CER 

The Crossover Error Rate or CER is illustrated on the graph above. It is the rate where both FAR and FRR are equal. 

The matching algorithm in a biometric software or device uses a (configurable) threshold which determines how close to a template the input must be for it to be 
considered a match. This threshold value is in some cases referred to as sensitivity, it is marked on the X axis of the plot. When you reduce this threshold there will 
be more false acceptance errors (higher FAR) and less false rejection errors (lower FRR), a higher threshold will lead to lower FAR and higher FRR. 
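The threshold trade-off described here and in Question 53, as an added Python example (not from the (ISC)2 CBK or biometric-solutions.com): given constructed match scores for genuine and impostor comparisons, it computes FAR and FRR at each threshold and locates the threshold where the two curves cross, the CER:

```python
"""FAR, FRR and the crossover error rate as functions of the matching threshold.

Added example, not from the (ISC)2 CBK or biometric-solutions.com. The match
scores are constructed: each is a similarity score in [0, 100] that a matcher
produced for one comparison, labelled genuine (a user against their own
template) or impostor (a user against someone else's template).
"""
from typing import List, Tuple

GENUINE_SCORES = [91, 88, 84, 79, 76, 72, 68, 64, 59, 55]   # 10 valid inputs
IMPOSTOR_SCORES = [23, 31, 38, 44, 49, 53, 57, 61, 66, 70]  # 10 invalid inputs


def far(threshold: float, impostor: List[int] = IMPOSTOR_SCORES) -> float:
    """False Acceptance Rate: percentage of impostor comparisons whose score
    reaches the threshold and is therefore (wrongly) accepted as a match."""
    return 100.0 * sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold: float, genuine: List[int] = GENUINE_SCORES) -> float:
    """False Rejection Rate: percentage of genuine comparisons whose score falls
    short of the threshold and is therefore (wrongly) rejected."""
    return 100.0 * sum(s < threshold for s in genuine) / len(genuine)


def error_curve(thresholds=range(0, 101, 5)) -> List[Tuple[int, float, float]]:
    """(threshold, FAR, FRR) at each threshold: the two curves of the figure.
    Raising the threshold can only lower FAR and raise FRR."""
    return [(t, far(t), frr(t)) for t in thresholds]


def crossover(genuine: List[int] = GENUINE_SCORES,
              impostor: List[int] = IMPOSTOR_SCORES) -> Tuple[int, float]:
    """Threshold at which FAR and FRR are closest (equal where the curves
    cross) and the CER there. Every distinct score is a candidate threshold,
    since FAR and FRR only change when the threshold passes a score."""
    candidates = sorted(set(genuine) | set(impostor))
    best = min(candidates,
               key=lambda t: (abs(far(t, impostor) - frr(t, genuine)), t))
    return best, (far(best, impostor) + frr(best, genuine)) / 2


if __name__ == "__main__":
    for t, a, r in error_curve():
        print(f"threshold={t:3d}  FAR={a:5.1f}%  FRR={r:5.1f}%")
    t, cer = crossover()
    print(f"CER = {cer:.1f}% at threshold {t}")
```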

Speed 

Most manufacturers of biometric devices and software can give clear numbers on the time it takes to enroll as well as on the time for an individual to be 
authenticated or identified using their application. If speed is important then take your time to consider this: 5 seconds might seem a short time on paper or when 
testing a device, but if hundreds of people will use the device multiple times a day the cumulative loss of time might be significant. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 2723-2731). Auerbach 
Publications. Kindle Edition. 

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 

and 

http://www.biometric-solutions.com/index.php?story=performance_biometrics 


NEW QUESTION 54 
- (Topic 1) 
What are the components of an object's sensitivity label? 


A. A Classification Set and a single Compartment. 
B. A single classification and a single compartment. 
C. A Classification Set and user credentials. 
D. A single classification and a Compartment Set. 


Answer: D 


Explanation: 

A single classification and a Compartment Set are the components of a sensitivity label. 

The following are incorrect: 

A Classification Set and a single Compartment is incorrect because the nomenclature "Classification Set" is incorrect: there is only one classification, and it is not a 
"single compartment" but a Compartment Set. 

A single classification and a single compartment is incorrect because, while there is only one classification, it is not a "single compartment" but a Compartment Set. 

A Classification Set and user credentials is incorrect because the nomenclature "Classification Set" is incorrect: there is only one classification, and it is not "user 
credentials" but a Compartment Set. The user would have their own sensitivity label. 


NEW QUESTION 59 
- (Topic 1) 
Who first described the DoD multilevel military security policy in abstract, formal terms? 


A. David Bell and Leonard LaPadula 
B. Rivest, Shamir and Adleman 
C. Whitfield Diffie and Martin Hellman 
D. David Clark and David Wilson 


Answer: A 


Explanation: 

It was David Bell and Leonard LaPadula who, in 1973, first described the DoD multilevel military security policy in abstract, formal terms. The Bell-LaPadula is a 
Mandatory Access Control (MAC) model concerned with confidentiality. Rivest, Shamir and Adleman (RSA) developed the RSA encryption algorithm. Whitfield 
Diffie and Martin Hellman published the Diffie-Hellman key agreement algorithm in 1976. David Clark and David Wilson developed the Clark-Wilson integrity 
model, more appropriate for security in commercial activities. 

Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (pages 78,109). 


NEW QUESTION 61 
- (Topic 1) 
Why should batch files and scripts be stored in a protected area? 


A. Because of the least privilege concept. 
B. Because they cannot be accessed by operators. 
C. Because they may contain credentials. 
D. Because of the need-to-know concept. 


Answer: C 


Explanation: 

Because scripts contain credentials, they must be stored in a protected area and the transmission of the scripts must be dealt with carefully. Operators might need 
access to batch files and scripts. The least privilege concept requires that each subject in a system be granted the most restrictive set of privileges needed for the 
performance of authorized tasks. The need-to-know principle requires a user having necessity for access to, knowledge of, or possession of specific information 
required to perform official tasks or services. 

Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System & Methodology (page 3) 


NEW QUESTION 62 
- (Topic 1) 
What physical characteristic does a retinal scan biometric device measure? 


A. The amount of light reaching the retina 
B. The amount of light reflected by the retina 
C. The pattern of light receptors at the back of the eye 
D. The pattern of blood vessels at the back of the eye 


Answer: D 


Explanation: 

The retina, a thin nerve (1/50th of an inch) on the back of the eye, is the part of the eye which senses light and transmits impulses through the optic nerve to the 
brain - the equivalent of film in a camera. Blood vessels used for biometric identification are located along the neural retina, the outermost of retina's four cell 
layers. 

The following answers are incorrect: 

The amount of light reaching the retina The amount of light reaching the retina is not used in the biometric scan of the retina. 

The amount of light reflected by the retina The amount of light reflected by the retina is not used in the biometric scan of the retina. 

The pattern of light receptors at the back of the eye: this is a distractor. 

The following reference(s) were/was used to create this question: 

Retina Scan Technology. 

ISC2 Official Guide to the CBK, 2007 (Page 161) 


NEW QUESTION 63 
- (Topic 1) 
Which of the following is NOT part of the Kerberos authentication protocol? 


A. Symmetric key cryptography 
B. Authentication service (AS) 
C. Principals 
D. Public Key 


Answer: D 


Explanation: 

There is no such component within a Kerberos environment. Kerberos uses only symmetric encryption and does not make use of any public key component. 

The other answers are incorrect because: 

Symmetric key cryptography is a part of Kerberos, as the KDC holds all the users' and services' secret keys. 

Authentication service (AS): the KDC (Key Distribution Center) provides an authentication service. 

Principals: the Key Distribution Center provides services to principals, which can be users, applications or network services. 

References: Shon Harris, AIO v3, Chapter 4: Access Control, pages 152-155. 


NEW QUESTION 64 
- (Topic 1) 
The following is NOT a security characteristic we need to consider while choosing a biometric identification system: 


A. data acquisition process 
B. cost 
C. enrollment process 
D. speed and user interface 


Answer: B 


Explanation: 

Cost is a factor when considering Biometrics but it is not a security characteristic. 

All the other answers are incorrect because they are security characteristics related to Biometrics. 

Data acquisition process can cause a security concern because if the process is not fast and efficient it can discourage individuals from using the process. 

Enrollment process can cause a security concern because the enrollment process has to be quick and efficient. This process captures data for authentication. 

Speed and user interface can cause a security concern because this also impacts the users' acceptance rate of biometrics. If they are not comfortable with the 
interface and speed they might sabotage the devices or otherwise attempt to circumvent them. 

References: 

OIG Access Control (Biometrics) (pgs 165-167) 

From: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, Pages 5-6. 



NEW QUESTION 69 
- (Topic 1) 
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to? 


A. Illuminated at nine feet high with at least three foot-candles 
B. Illuminated at eight feet high with at least three foot-candles 
C. Illuminated at eight feet high with at least two foot-candles 
D. Illuminated at nine feet high with at least two foot-candles 


Answer: B 


Explanation: 

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet 
high with at least two foot-candles. 

It can also be referred to as illuminating to a height of eight feet, with a BRIGHTNESS of two foot-candles. 

One footcandle = 10.764 lux. The footcandle (or lumen per square foot) is a non-SI unit of illuminance. Like the BTU, it is obsolete but it is still in fairly common use 
in the United States, particularly in construction-related engineering and in building codes. Because lux and footcandles are different units of the same quantity, it 
is perfectly valid to convert footcandles to lux and vice versa. 

The name "footcandle" conveys "the illuminance cast on a surface by a one-candela source one foot away." As natural as this sounds, this style of name is now 
frowned upon, because the dimensional formula for the unit is not foot * candela, but lumens per square foot. 

Some sources do however note that the "lux" can be thought of as a "metre-candle" (i.e. the illuminance cast on a surface by a one-candela source one meter 
away). A source that is farther away casts less illumination than one that is close, so one lux is less illuminance than one footcandle. Since illuminance follows the 
inverse-square law, and since one foot = 0.3048 m, one lux = 0.3048² footcandle ≈ 1/10.764 footcandle. 

TIPS FROM CLEMENT: 

Illuminance (light level): the amount of light, measured in foot-candles (US unit), that falls on a surface, either horizontal or vertical. 

Parking lots lighting needs to be an average of 2 foot candles; uniformity of not more than 3:1, no area less than 1 fc. 

All illuminance measurements are to be made on the horizontal plane with a certified light meter calibrated to NIST standards using traceable light sources. 

The CISSP Exam Cram 2 from Michael Gregg says: Lighting is a commonly used form of perimeter protection. 

Some studies have found that up to 80% of criminal acts at businesses and shopping centers happen in adjacent parking lots. Therefore, it's easy to see why 
lighting can be such an important concern. 

Outside lighting discourages prowlers and thieves. 

The National Institute of Standards and Technologies (NIST) states that, for effective perimeter control, buildings should be illuminated 8 feet high, with 2-foot 
candle power. 

Reference used for this question: 

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 325. 

and 

Shon's AIO v5 pg 459 and 

http://en.wikipedia.org/wiki/Foot-candle 


NEW QUESTION 70 
- (Topic 1) 
Which of the following is true of two-factor authentication? 


A. It uses the RSA public-key signature based on integers with large prime factors. 
B. It requires two measurements of hand geometry. 
C. It does not use single sign-on technology. 
D. It relies on two independent proofs of identity. 


Answer: D 


Explanation: 

The answer is: It relies on two independent proofs of identity. Two-factor authentication refers to using two independent proofs of identity, such as something the 
user has (e.g. a token card) and something the user knows (a password). Two-factor authentication may be used with single sign-on. 

The following answers are incorrect: 

It requires two measurements of hand geometry. Measuring hand geometry twice does not yield two independent proofs. 

It uses the RSA public-key signature based on integers with large prime factors. RSA encryption uses integers with exactly two prime factors, but the term 
"two-factor authentication" is not used in that context. 

It does not use single sign-on technology. This is a distractor. 

The following reference(s) were/was used to create this question: 

Shon Harris AIO v.3 p.129 

ISC2 OIG, 2007 p. 126 


NEW QUESTION 73 
- (Topic 1) 
In the context of access control, locks, gates, guards are examples of which of the following? 


A. Administrative controls 
B. Technical controls 
C. Physical controls 
D. Logical controls 


Answer: C 


Explanation: 

Administrative, technical and physical controls are categories of access control mechanisms. 

Logical and Technical controls are synonymous. So both of them could be eliminated as possible choices. 

Physical Controls: These are controls to protect the organization's people and physical environment, such as locks, gates, and guards. Physical controls may be 
called "operational controls" in some contexts. 

Physical security covers a broad spectrum of controls to protect the physical assets (primarily the people) in an organization. Physical Controls are sometimes 
referred to as "operational" controls in some risk management frameworks. These controls range from doors, locks, and windows to environment controls, 
construction standards, and guards. Typically, physical security is based on the notion of establishing security zones or concentric areas within a facility that 
require increased security as you get closer to the valuable assets inside the facility. Security zones are the physical representation of the defense-in-depth 
principle discussed earlier in this chapter. Typically, security zones are associated with rooms, offices, floors, or smaller elements, such as a cabinet or storage 
locker. The design of the physical security controls within the facility must take into account the protection of the asset as well as the individuals working in that area. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1301-1303). Auerbach 
Publications. Kindle Edition. 

and 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1312-1318). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 76 
- (Topic 1) 
Access Control techniques do not include which of the following? 


A. Rule-Based Access Controls 
B. Role-Based Access Control 
C. Mandatory Access Control 
D. Random Number Based Access Control 


Answer: D 


Explanation: 

Access Control Techniques: 

Discretionary Access Control 
Mandatory Access Control 
Lattice Based Access Control 
Rule-Based Access Control 
Role-Based Access Control 

Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13. 


NEW QUESTION 77 
- (Topic 1) 
Which of the following is not a preventive login control? 


A. Last login message 
B. Password aging 
C. Minimum password length 
D. Account expiration 


Answer: A 


Explanation: 

The last login message displays the last login date and time, allowing a user to discover if their account was used by someone else. Hence, this is rather a 
detective control. 

Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page 63). 


NEW QUESTION 82 
- (Topic 1) 
How can an individual/person best be identified or authenticated to prevent local masquerading attacks? 


A. UserId and password 
B. Smart card and PIN code 
C. Two-factor authentication 
D. Biometrics 


Answer: D 


Explanation: 

The only way to be truly positive in authenticating identity for access is to base the authentication on the physical attributes of the persons themselves (i.e., 
biometric identification). Physical attributes cannot be shared, borrowed, or duplicated. They ensure that you do identify the person; however, they are not perfect 
and they would have to be supplemented by another factor. 

Some people are getting thrown off by the term masquerade. In general, a masquerade is a disguise. In terms of communications security issues, a masquerade is 
a type of attack where the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized 
for. A masquerade may be attempted through the use of stolen logon IDs and passwords, through finding security gaps in programs, or through bypassing the 
authentication mechanism. Spoofing is another term used to describe this type of attack as well. 

A UserId only provides for identification. 

A password is a weak authentication mechanism since passwords can be disclosed, shared, written down, and more. 

A smart card can be stolen and its corresponding PIN code can be guessed by an intruder. A smartcard can be borrowed by a friend of yours and you would have 
no clue as to who is really logging in using that smart card. 

Any form of two-factor authentication not involving biometrics cannot be as reliable as a biometric system to identify the person. 

Biometric identifying verification systems control people. If the person with the correct hand, eye, face, signature, or voice is not present, the identification and 
verification cannot take place and the desired action (i.e., portal passage, data, or resource access) does not occur. 

As has been demonstrated many times, adversaries and criminals obtain and successfully use access cards, even those that require the addition of a PIN. This is 
because these systems control only pieces of plastic (and sometimes information), rather than people. Real asset and resource protection can only be 
accomplished by people, not cards and information, because unauthorized persons can (and do) obtain the cards and information. 

Further, life-cycle costs are significantly reduced because no card or PIN administration system or personnel are required. The authorized person does not lose 
physical characteristics (i.e., hands, face, eyes, signature, or voice), but cards and PINs are continuously lost, stolen, or forgotten. This is why card access 
systems require systems and people to administer, control, record, and issue (new) cards and PINs. Moreover, the cards are an expensive and recurring cost. 

NOTE FROM CLEMENT: 

This question has been generating lots of interest. The keyword in the question is: Individual (the person) and also the authenticated portion as well. 

I totally agree with you that Two Factors or Strong Authentication would be the strongest means of authentication. However, the question is not asking what is the 
strongest means of authentication; it is asking what is the best way to identify the user (individual) behind the technology. When answering questions do not make 
assumptions to facts not presented in the question or answers. 

Nothing can beat Biometrics in such a case. You cannot lend your fingerprint and PIN to someone else; you cannot borrow one of my eyeballs to defeat the Iris or Retina scan. This is why it is the best method to authenticate the user.

I think the reference is playing with semantics and that makes it a bit confusing. I have improved the question to make it a lot clearer and I have also improved the explanations attached to the question.

The reference mentioned above refers to authenticating the identity for access. So the distinction is being made that there is identity and there is authentication. In the case of physical security, the enrollment process is where the identity of the user would be validated, and then the biometric features provided by the user would authenticate the user on a one-to-one matching basis (for authentication) against the reference contained in the database of biometric templates. In the case of system access, the user might have to provide a username, a PIN, a passphrase, a smart card, and then provide his biometric attributes.

Biometrics can also be used for identification purposes, where you do a one-to-many match. You take a facial scan of someone within an airport and you attempt to match it with a large database of known criminals and terrorists. This is how you could use biometrics for identification.

There are always THREE means of authentication, they are:

- Something you know (Type 1)
- Something you have (Type 2)
- Something you are (Type 3)

Reference(s) used for this question: 

TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 1, Biometric Identification (page 7).

and 

Search Security at http://searchsecurity.techtarget.com/definition/masquerade 


NEW QUESTION 83 
- (Topic 1) 
Which authentication technique best protects against hijacking? 


A. Static authentication 

B. Continuous authentication 
C. Robust authentication 

D. Strong authentication 


Answer: B 


Explanation: 

Continuous authentication provides protection against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete. This is the best protection against hijacking. Static authentication is the type of authentication provided by traditional password schemes, and the strength of the authentication is highly dependent on the difficulty of guessing passwords. A robust authentication mechanism relies on dynamic authentication data that changes with each authenticated session between a claimant and a verifier, and it does not protect against hijacking. Strong authentication refers to two-factor authentication (like something a user knows and something a user is).

Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 3: Secured 
Connections to External Networks (page 51). 


NEW QUESTION 84 
- (Topic 1) 
Which of the following is the LEAST user accepted biometric device? 


A. Fingerprint 

B. Iris scan 

C. Retina scan 

D. Voice verification 
Answer: C 


Explanation: 

The biometric device that is least user accepted is the retina scan, where a system scans the blood-vessel pattern on the back of the eyeball. When using this device, an individual has to place their eye up to a device, and it may require a puff of air to be blown into the eye. The iris scan only requires an individual to glance at a camera that could be placed above a door.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 131). 


NEW QUESTION 87 
- (Topic 1) 
Examples of types of physical access controls include all EXCEPT which of the following? 


A. badges 

B. locks 

C. guards 

D. passwords 


Answer: D 


Explanation: 

Passwords are considered a Preventive/Technical (logical) control. The following answers are incorrect: 

badges - Badges are a physical control used to identify an individual. A badge can include a smart device which can be used for authentication and thus a Technical control, but the actual badge itself is primarily a physical control.

locks - Locks are a Preventative Physical control and have no Technical association.

guards - Guards are a Preventative Physical control and have no Technical association.

The following reference(s) were/was used to create this question: 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 35). 


NEW QUESTION 91 
- (Topic 1) 
Which of the following access control models introduces user security clearance and data classification? 


A. Role-based access control 

B. Discretionary access control 

C. Non-discretionary access control 
D. Mandatory access control 


Answer: D 


Explanation: 

The mandatory access control model is based on a security label system. Users are given a security clearance and data is classified. The classification is stored 
in the security labels of the resources. Classification labels specify the level of trust a user must have to access a certain file. 

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (Page 154). 


NEW QUESTION 95 
- (Topic 1) 
Which of the following is NOT an advantage that TACACS+ has over TACACS? 


A. Event logging 

B. Use of two-factor password authentication 

C. User has the ability to change his password 

D. Ability for security tokens to be resynchronized 


Answer: A 


Explanation: 

Although TACACS+ provides better audit trails, event logging is a service that is provided with TACACS. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: 
Telecommunications and Network Security (page 121). 


NEW QUESTION 99 
- (Topic 1) 
Which of the following is NOT true of the Kerberos protocol? 


A. Only a single login is required per session. 

B. The initial authentication steps are done using public key algorithm. 

C. The KDC is aware of all systems in the network and is trusted by all of them 
D. It performs mutual authentication 


Answer: B 


Explanation: 

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. It has the following characteristics:

- It is secure: it never sends a password unless it is encrypted.
- Only a single login is required per session. Credentials defined at login are then passed between resources without the need for additional logins.
- The concept depends on a trusted third party, a Key Distribution Center (KDC). The KDC is aware of all systems in the network and is trusted by all of them.
- It performs mutual authentication, where a client proves its identity to a server and a server proves its identity to the client.

Kerberos introduces the concept of a Ticket-Granting Server/Service (TGS). A client that wishes to use a service has to receive a ticket from the TGS; a ticket is a time-limited cryptographic message giving it access to the server. Kerberos also requires an Authentication Server (AS) to verify clients. The two servers combined make up a KDC.

Within the Windows environment, Active Directory performs the functions of the KDC. The following figure shows the sequence of events required for a client to gain access to a service using Kerberos authentication. Each step is shown with the Kerberos message associated with it, as defined in RFC 4120 "The Kerberos Network Authentication Service (V5)".

(Figure: Kerberos Authentication Step by Step)

Step 1: The user logs on to the workstation and requests service on the host. The workstation sends a message to the Authorization Server requesting a ticket granting ticket (TGT).

Step 2: The Authorization Server verifies the user's access rights in the user database and creates a TGT and session key. The Authorization Server encrypts the results using a key derived from the user's password and sends a message back to the user workstation.

The workstation prompts the user for a password and uses the password to decrypt the incoming message. When decryption succeeds, the user will be able to 
use the TGT to request a service ticket. 

Step 3: When the user wants access to a service, the workstation client application sends a request to the Ticket Granting Service containing the client name, 
realm name and a timestamp. The user proves his identity by sending an authenticator encrypted with the session key received in Step 2. 

Step 4: The TGS decrypts the ticket and authenticator, verifies the request, and creates a ticket for the requested server. The ticket contains the client name and optionally the client IP address. It also contains the realm name and ticket lifespan. The TGS returns the ticket to the user workstation. The returned message contains two copies of a server session key: one encrypted with the client password, and one encrypted by the service password.

Step 5: The client application now sends a service request to the server containing the ticket received in Step 4 and an authenticator. The service authenticates the 
request by decrypting the session key. The server verifies that the ticket and authenticator match, and then grants access to the service. This step as described 
does not include the authorization performed by the Intel AMT device, as described later. 

Step 6: If mutual authentication is required, then the server will reply with a server authentication message. 

The Kerberos server knows "secrets" (encrypted passwords) for all clients and servers under its control, or it is in contact with other secure servers that have this 
information. These "secrets" are used to encrypt all of the messages shown in the figure above. 

To prevent replay attacks, Kerberos uses timestamps as part of its protocol definition. For timestamps to work properly, the clocks of the client and the server need to be in sync as much as possible; in other words, both computers need to be set to the same time and date. Since the clocks of two computers are often out of sync, administrators can set a policy that establishes the maximum acceptable difference between a client's clock and a server's clock. If the difference between a client's clock and the server's clock is less than the maximum time difference specified in this policy, any timestamp used in a session between the two computers will be considered authentic. The maximum difference is usually set to five minutes.

Note that if a client application wishes to use a service that is "Kerberized" (the service is configured to perform Kerberos authentication), the client must also be Kerberized so that it expects and supports the necessary message exchanges.

For more information about Kerberos, see http://web.mit.edu/kerberos/www/. 

References: 

Introduction to Kerberos Authentication from Intel 

and 

http://www.zeroshell.net/eng/kerberos/Kerberos-definitions/#1.3.5.3 and

http://www.ietf.org/rfc/rfc4120.txt
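The six steps above as an added, runnable model (example code written for this page, not Intel's or MIT's code): a KDC (AS plus TGS), a Kerberized service and a workstation exchange sealed messages, and the service enforces the five-minute clock-skew policy and a replay cache. The sealing primitive, the principal names (alice, host/fileserver) and the timestamps are constructed for the example; one deliberate difference from the Step 4 wording is that, following RFC 4120, the client's copy of the service session key is sealed under the TGS session key from Step 2 rather than under the password.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300  # seconds: the "usually five minutes" clock-skew policy described in the text


def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:  # toy SHA-256 counter keystream, NOT a Kerberos enctype
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, obj: dict) -> str:  # encrypt-then-MAC a JSON message; hex so tickets can nest in replies
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key: bytes, blob_hex: str) -> dict:
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("wrong key or tampered message")
    return json.loads(_xor(key, nonce, ct))

def user_key(password: str) -> bytes:  # stands in for Kerberos string-to-key; the AS and the workstation both derive it
    return hashlib.sha256(b"string2key:" + password.encode()).digest()

def check_fresh(ts: int, now: int) -> None:
    if abs(now - ts) > MAX_SKEW:
        raise PermissionError("authenticator timestamp outside the clock-skew policy")


class KDC:  # Authentication Server (AS) and Ticket Granting Server (TGS); holds every principal's long-term secret
    def __init__(self, secrets: dict):
        self.secrets, self.tgs_key = secrets, os.urandom(32)

    def as_exchange(self, client: str, now: int) -> dict:  # Steps 1-2
        sk = os.urandom(32).hex()  # TGS session key
        tgt = seal(self.tgs_key, {"client": client, "sk": sk, "expires": now + 8 * 3600})
        return {"tgt": tgt, "enc_part": seal(self.secrets[client], {"sk": sk})}  # only the password key opens enc_part

    def tgs_exchange(self, tgt: str, authenticator: str, service: str, now: int) -> dict:  # Steps 3-4
        t = unseal(self.tgs_key, tgt)
        auth = unseal(bytes.fromhex(t["sk"]), authenticator)
        check_fresh(auth["ts"], now)
        if auth["client"] != t["client"]:
            raise PermissionError("authenticator does not match the TGT")
        ssk = os.urandom(32).hex()  # service session key
        ticket = seal(self.secrets[service], {"client": t["client"], "sk": ssk, "expires": now + 3600})
        # the client's copy is sealed under the TGS session key from Step 2 (RFC 4120), not under the password
        return {"ticket": ticket, "enc_part": seal(bytes.fromhex(t["sk"]), {"sk": ssk})}


class Service:
    def __init__(self, key: bytes):
        self.key, self.replay_cache = key, set()

    def ap_exchange(self, ticket: str, authenticator: str, now: int) -> str:  # Steps 5-6
        t = unseal(self.key, ticket)
        if now > t["expires"]:
            raise PermissionError("service ticket expired")
        ssk = bytes.fromhex(t["sk"])
        auth = unseal(ssk, authenticator)
        check_fresh(auth["ts"], now)
        if auth["client"] != t["client"] or (auth["client"], auth["ts"]) in self.replay_cache:
            raise PermissionError("mismatched or replayed authenticator")
        self.replay_cache.add((auth["client"], auth["ts"]))
        return seal(ssk, {"ts": auth["ts"]})  # Step 6: mutual-authentication reply


class Workstation:
    def __init__(self, user: str, password: str):
        self.user, self.key = user, user_key(password)

    def login(self, kdc: KDC, now: int) -> None:  # decryption fails unless the password was right
        r = kdc.as_exchange(self.user, now)
        self.tgt, self.sk = r["tgt"], bytes.fromhex(unseal(self.key, r["enc_part"])["sk"])

    def get_ticket(self, kdc: KDC, service: str, now: int) -> tuple:
        r = kdc.tgs_exchange(self.tgt, seal(self.sk, {"client": self.user, "ts": now}), service, now)
        return r["ticket"], bytes.fromhex(unseal(self.sk, r["enc_part"])["sk"])

    def use_service(self, svc: Service, ticket: str, ssk: bytes, now: int, server_now: int = None) -> bool:
        reply = svc.ap_exchange(ticket, seal(ssk, {"client": self.user, "ts": now}), server_now or now)
        return unseal(ssk, reply)["ts"] == now  # the server proved it holds the session key


def run_demo() -> dict:
    """Constructed scenario: a good login, then a wrong password, a replayed authenticator and a skewed clock."""
    svc_key, now = os.urandom(32), 1_700_000_000
    kdc = KDC({"alice": user_key("correct horse"), "host/fileserver": svc_key})
    fileserver, ws = Service(svc_key), Workstation("alice", "correct horse")
    ws.login(kdc, now)
    ticket, ssk = ws.get_ticket(kdc, "host/fileserver", now + 5)
    results = {"mutual_auth": ws.use_service(fileserver, ticket, ssk, now + 10)}
    for name, attempt in {
        "wrong_password": lambda: Workstation("alice", "wrong").login(kdc, now),
        "replayed_authenticator": lambda: ws.use_service(fileserver, ticket, ssk, now + 10),
        "clock_skew": lambda: ws.use_service(fileserver, ticket, ssk, now + 20, now + 20 + MAX_SKEW + 1),
    }.items():
        try:
            attempt()
            results[name] = "accepted"
        except PermissionError:
            results[name] = "rejected"
    return results
```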


NEW QUESTION 100 
- (Topic 1) 
In Synchronous dynamic password tokens: 


A. The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key). 

B. The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key). 
C. The unique password is not entered into a system or workstation along with an owner's PIN. 

D. The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it 
was entered during the invalid time window. 


Answer: A 


Explanation: 

Synchronous dynamic password tokens: 

- The token generates a new password value at fixed time intervals (this password could be the time of day encrypted with a secret key). 

- the unique password is entered into a system or workstation along with an owner's PIN. 

- The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is valid and that it 
was entered during the valid time window. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 
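A runnable model of the three bullets above (added example code, not from the Prep Guide): the token side derives a password value from the time-interval counter and the owner's secret key, and the authentication entity checks the PIN, the valid time window and single use of each value. HMAC-SHA256 in place of "time encrypted with a secret key", the 60-second step and the names are assumptions of the example.

```python
import hashlib
import hmac

STEP_SECONDS = 60  # the token rolls to a new password value every fixed interval
WINDOW_STEPS = 1   # also accept the neighbouring intervals, to absorb small clock drift


def token_password(secret_key: bytes, unix_time: int, digits: int = 6) -> str:
    """Password value the token displays for the interval containing unix_time.

    Constructed for this example: the interval counter is keyed with the owner's secret key
    through HMAC-SHA256 (a keyed hash standing in for the page's 'time of day encrypted with
    a secret key') and truncated to `digits` decimal digits in the style of HOTP/TOTP.
    """
    counter = (unix_time // STEP_SECONDS).to_bytes(8, "big")
    mac = hmac.new(secret_key, counter, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class AuthenticationEntity:
    """Knows every owner's secret key and PIN; accepts a password only inside the valid time window."""

    def __init__(self):
        self._owners = {}        # owner -> (secret_key, pin)
        self._last_counter = {}  # owner -> last interval accepted, so a value cannot be reused

    def enroll(self, owner: str, secret_key: bytes, pin: str) -> None:
        self._owners[owner] = (secret_key, pin)

    def verify(self, owner: str, pin: str, password: str, unix_time: int) -> bool:
        """True only if the PIN matches and the password is the value for the current (or adjacent) interval."""
        if owner not in self._owners:
            return False
        secret_key, expected_pin = self._owners[owner]
        if not hmac.compare_digest(pin, expected_pin):
            return False
        current = unix_time // STEP_SECONDS
        for counter in range(current - WINDOW_STEPS, current + WINDOW_STEPS + 1):
            if hmac.compare_digest(token_password(secret_key, counter * STEP_SECONDS), password):
                if self._last_counter.get(owner, -1) >= counter:
                    return False  # this interval's value was already consumed: replayed entry
                self._last_counter[owner] = counter
                return True
        return False  # wrong value, or a value entered outside the valid time window
```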
NEW QUESTION 105 
- (Topic 1) 
Why do buffer overflows happen? What is the main cause? 


A. Because buffers can only hold so much data 

B. Because of improper parameter checking within the application 
C. Because they are an easy weakness to exploit 

D. Because of insufficient system memory 


Answer: B 


Explanation: 

A buffer overflow attack takes advantage of improper parameter checking within the application. This is the classic form of buffer overflow and occurs because the programmer accepts whatever input the user supplies without checking to make sure that the length of the input is less than the size of the buffer in the program. The buffer overflow problem is one of the oldest and most common problems in software development and programming, dating back to the introduction of interactive computing. It can result when a program fills up the assigned buffer of memory with more data than its buffer can hold. When the program begins to write beyond the end of the buffer, the program's execution path can be changed, or data can be written into areas used by the operating system itself. This can lead to the insertion of malicious code that can be used to gain administrative privileges on the program or system.

As explained by Gaurab, it can become very complex. Even if you are checking the length of the input at the time of input, it has to be checked against the size of the buffer it ends up in. Consider a case where the entry point of data is stored in Buffer1 of Application1 and then you copy it to Buffer2 within Application2 later on; if you are just checking the length of the data against Buffer1, that will not ensure that it cannot cause a buffer overflow in Buffer2 of Application2.

A bit of reassurance from the ISC2 book about level of Coding Knowledge needed for the exam: 

It should be noted that the CISSP is not required to be an expert programmer or know the inner workings of developing application software code, like the 
FORTRAN programming language, or how to develop Web applet code using Java. It is not even necessary that the CISSP know detailed security-specific coding 
practices such as the major divisions of buffer overflow exploits or the reason for preferring str(n)cpy to strcpy in the C language (although all such knowledge is, of 
course, helpful). Because the CISSP may be the person responsible for ensuring that security is included in such developments, the CISSP should know the basic 
procedures and concepts involved during the design and development of software programming. That is, in order for the CISSP to monitor the software 
development process and verify that security is included, the CISSP must understand the fundamental concepts of programming developments and the security 
strengths and weaknesses of various application development processes. 

The following are incorrect answers: 

"Because buffers can only hold so much data" is incorrect. This is certainly true but is not the best answer because the finite size of the buffer is not the problem -- 
the problem is that the programmer did not check the size of the input before moving it into the buffer. 

"Because they are an easy weakness to exploit" is incorrect. This answer is sometimes true but is not the best answer because the root cause of the buffer 
overflow is that the programmer did not check the size of the user input. 

"Because of insufficient system memory” is incorrect. This is irrelevant to the occurrence of a buffer overflow. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 13319-13323). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 109 
- (Topic 1) 
Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of the strong star property? 


A. It allows "read up." 

B. It addresses covert channels. 

C. It addresses management of access controls. 
D. It allows "write up." 


Answer: D 


Explanation: 

Bell-LaPadula Confidentiality Model. The Bell-LaPadula model is perhaps the most well-known and significant security model, in addition to being one of the oldest models used in the creation of modern secure computing systems. Like the Trusted Computer System Evaluation Criteria (or TCSEC), it was inspired by early U.S. Department of Defense security policies and the need to prove that confidentiality could be maintained. In other words, its primary goal is to prevent disclosure as the model system moves from one state (one point in time) to another.

When the strong star property is not being used, it means that both the * (Star) Property and the Simple Security Property rules would be applied.

The Star (*) property rule of the Bell-LaPadula model says that subjects cannot write down; this would compromise the confidentiality of the information if, for example, someone at the Secret layer wrote the object down to a Confidential container.

The Simple Security Property rule states that the subject cannot read up, which means that, for example, a subject at the Secret layer would not be able to access objects at Top Secret.

You must remember: the model tells you what you are NOT allowed to do. Anything else is allowed. For example, within the Bell-LaPadula model you would be allowed to write up, as it does not compromise the confidentiality of the information. In fact it would upgrade it, to the point that you could lock yourself out of your own information if you have only a Secret security clearance.

The following are incorrect answers because they are all FALSE: 

"It allows read up" is incorrect. The "simple security" property forbids read up. 

"It addresses covert channels" is incorrect. Covert channels are not addressed by the Bell- LaPadula model. 

"It addresses management of access controls" is incorrect. Management of access controls are beyond the scope of the Bell-LaPadula model. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 17595-17600). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 114 

- (Topic 1) 

In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the 
subject-to-object interactions take place? 


A. Bell-LaPadula model 


B. Biba model 

C. Access Matrix model 

D. Take-Grant model 


Answer: A 


Explanation: 

The Bell-LaPadula model is also called a multilevel security system because users with different clearances use the system and the system processes data with different classifications. It was developed by the US Military in the 1970s.

A security model maps the abstract goals of the policy to information system terms by specifying explicit data structures and techniques necessary to enforce the security policy. A security model is usually represented in mathematics and analytical ideas, which are mapped to system specifications and then developed by programmers through programming code. So we have a policy that encompasses security goals, such as "each subject must be authenticated and authorized before accessing an object." The security model takes this requirement and provides the necessary mathematical formulas, relationships, and logic structure to be followed to accomplish this goal.

A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. The level at which information is classified determines the handling procedures that should be used. The Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control. A matrix and security levels are used to determine if subjects can access different objects. The subject's clearance is compared to the object's classification and then specific rules are applied to control how subject-to-object interactions can take place.

Reference(s) used for this question: 

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 369). McGraw-Hill. Kindle Edition. 
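The clearance-versus-classification comparison described here and in Question 109 (including write-up being allowed when the strong star property is off, and the "lock yourself out" consequence), as added example code that is not from either cited book; the four-level lattice, the names and the small SecureStore state machine are constructed for the example.

```python
from enum import IntEnum


class Level(IntEnum):
    """Constructed lattice of sensitivity levels; a higher value dominates a lower one."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(clearance: Level, classification: Level, op: str, strong_star: bool = False) -> bool:
    """Compare a subject's clearance with an object's classification and apply the Bell-LaPadula rules.

    read : Simple Security Property - no read up   (allowed iff clearance >= classification)
    write: * (Star) Property        - no write down (allowed iff clearance <= classification)
           strong * Property        - write only at the subject's own level (clearance == classification)
    Whatever the rules do not forbid is allowed, which is why write-up passes without the strong * property.
    """
    if op == "read":
        return clearance >= classification
    if op == "write":
        return clearance == classification if strong_star else clearance <= classification
    raise ValueError(f"unknown operation {op!r}")


def access_matrix(strong_star: bool = False) -> dict:
    """Decision for every (clearance, classification, operation) triple: the matrix the text refers to."""
    return {
        (s.name, o.name, op): blp_allows(s, o, op, strong_star)
        for s in Level for o in Level for op in ("read", "write")
    }


class SecureStore:
    """Minimal state-machine view: each transition is a read or write that must pass blp_allows."""

    def __init__(self, strong_star: bool = False):
        self.objects = {}  # object name -> (classification, content)
        self.strong_star = strong_star

    def write(self, clearance: Level, name: str, classification: Level, content: str) -> bool:
        if not blp_allows(clearance, classification, "write", self.strong_star):
            return False
        self.objects[name] = (classification, content)
        return True

    def read(self, clearance: Level, name: str):
        classification, content = self.objects[name]
        return content if blp_allows(clearance, classification, "read") else None


def lockout_demo() -> tuple:
    """The page's scenario: a SECRET-cleared subject writes up to TOP SECRET and can no longer read it back."""
    store = SecureStore()
    wrote = store.write(Level.SECRET, "memo", Level.TOP_SECRET, "written up by a SECRET subject")
    read_back = store.read(Level.SECRET, "memo")
    return wrote, read_back
```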


NEW QUESTION 119 

- (Topic 1) 

An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is 
known as a(n): 


A. active attack 
B. outside attack 
C. inside attack 
D. passive attack 


Answer: C 


Explanation: 

An inside attack is an attack initiated by an entity inside the security perimeter, an entity that is authorized to access system resources but uses them in a way not 
approved by those who granted the authorization whereas an outside attack is initiated from outside the perimeter, by an unauthorized or illegitimate user of the 
system. An active attack attempts to alter system resources to affect their operation and a passive attack attempts to learn or make use of the information from the 
system but does not affect system resources. 

Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000. 


NEW QUESTION 121 
- (Topic 1) 
What are called user interfaces that limit the functions that can be selected by a user? 


A. Constrained user interfaces 
B. Limited user interfaces 

C. Mini user interfaces 

D. Unlimited user interfaces 


Answer: A 


Explanation: 

Constrained user interfaces limit the functions that can be selected by a user. 

Another method for controlling access is by restricting users to specific functions based on their role in the system. This is typically implemented by limiting 
available menus, data views, encryption, or by physically constraining the user interfaces. 

This is common on devices such as an automated teller machine (ATM). The advantage of a constrained user interface is that it limits potential avenues of attack 
and system failure by restricting the processing options that are available to the user. 

On an ATM machine, if a user does not have a checking account with the bank he or she will not be shown the "Withdraw money from checking" option. Likewise, an information system might have an "Add/Remove Users" menu option for administrators, but if a normal, non-administrative user logs in he or she will not even see that menu option. By not even identifying potential options for non-qualifying users, the system limits the potentially harmful execution of unauthorized system or application commands.

Many database management systems have the concept of "views." A database view is an extract of the data stored in the database that is filtered based on predefined user or system criteria. This permits multiple users to access the same database while only having the ability to access data they need (or are allowed to have) and not data for another user. The use of database views is another example of a constrained user interface.

The following were incorrect answers: 

All of the other choices presented were bogus answers. 

The following reference(s) were used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1989-2002). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 125 

- (Topic 1) 

An alternative to using passwords for authentication in logical or technical access control is: 
A. manage without passwords 

B. biometrics 

C. not there 

D. use of them for physical access control 


Answer: B 
Explanation: 

An alternative to using passwords for authentication in logical or technical access control is biometrics. Biometrics are based on the Type 3 authentication 
mechanism-something you are. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 


NEW QUESTION 129 
- (Topic 1) 
What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database? 


A. Database Management system 
B. Database views 

C. Database security 

D. Database shadowing 


Answer: B 


Explanation: 

The answer is Database views. Database views are mechanisms that restrict access to the information that a user can access in a database.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35.

Wikipedia has a detailed explanation as well: 

In database theory, a view is a virtual or logical table composed of the result set of a query. Unlike ordinary tables (base tables) in a relational database, a view is 
not part of the physical schema: it is a dynamic, virtual table computed or collated from data in the database. Changing the data in a table alters the data shown in 
the view. 

Views can provide advantages over tables:

- They can subset the data contained in a table.
- They can join and simplify multiple tables into a single virtual table.
- Views can act as aggregated tables, where aggregated data (sum, average, etc.) are calculated and presented as part of the data.
- Views can hide the complexity of data; for example, a view could appear as Sales2000 or Sales2001, transparently partitioning the actual underlying table.
- Views do not incur any extra storage overhead.
- Depending on the SQL engine used, views can provide extra security.
- They limit the exposure of a table or tables to the outside world.

Just like functions (in programming) provide abstraction, views can be used to create abstraction. Also, just like functions, views can be nested, thus one view can 
aggregate data from other views. Without the use of views it would be much harder to normalise databases above second normal form. Views can make it easier 
to create lossless join decomposition. 
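Views as a constrained interface, as described here and in Question 121, as an added example that is not from the cited sources: it uses the sqlite3 authorizer hook of Python's standard library to confine a non-DBA session to the views, so a direct read of the base table, a hidden column or an INSERT is refused while the same rows remain readable through the views. The employee table, the three views and the role names are constructed for the example.

```python
import sqlite3

BASE_TABLES = {"employee"}
# what a non-DBA session may do at top level: select through views and call the functions used inside them
_VIEW_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, getattr(sqlite3, "SQLITE_FUNCTION", 31)}


def build_demo_db() -> sqlite3.Connection:
    """Constructed schema: one base table and three views, each exposing a different restricted slice of it."""
    # autocommit so no implicit BEGIN reaches the authorizer; no statement cache because the authorizer
    # runs at prepare time, so a statement prepared under one role must never be reused under another
    db = sqlite3.connect(":memory:", isolation_level=None, cached_statements=0)
    db.executescript("""
        CREATE TABLE employee (id INTEGER PRIMARY KEY, name TEXT, department TEXT, salary INTEGER, ssn TEXT);
        INSERT INTO employee VALUES
            (1, 'Ada',  'engineering', 120000, '000-00-0001'),
            (2, 'Bob',  'engineering',  95000, '000-00-0002'),
            (3, 'Cleo', 'finance',      88000, '000-00-0003');
        -- column subset: salary and ssn never appear
        CREATE VIEW staff_directory AS SELECT id, name, department FROM employee;
        -- row subset, nested on the column-restricted view
        CREATE VIEW engineering_directory AS SELECT * FROM staff_directory WHERE department = 'engineering';
        -- aggregated view: totals per department, never an individual's salary
        CREATE VIEW payroll_by_department AS
            SELECT department, COUNT(*) AS headcount, SUM(salary) AS total_salary
            FROM employee GROUP BY department;
    """)
    return db


def make_view_only_authorizer(session: dict):
    """sqlite3 authorizer callback: 'dba' may do anything; every other role is confined to the views.

    `source` names the view (or trigger) on whose behalf SQLite touches a base table; it is None for direct SQL.
    """
    def authorize(action, table, column, dbname, source):
        if session["role"] == "dba" or source is not None:
            return sqlite3.SQLITE_OK
        if action in _VIEW_ACTIONS and table not in BASE_TABLES:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    return authorize


def run_as(db: sqlite3.Connection, session: dict, role: str, sql: str):
    """Run one statement as `role`; returns the rows, or 'refused: ...' when the constrained interface blocks it."""
    session["role"] = role
    try:
        return db.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"refused: {exc}"


def demo() -> dict:
    db, session = build_demo_db(), {"role": "dba"}
    db.set_authorizer(make_view_only_authorizer(session))
    out = {
        "user_directory": run_as(db, session, "user",
                                 "SELECT name, department FROM engineering_directory ORDER BY id"),
        "user_base_table": run_as(db, session, "user", "SELECT ssn FROM employee"),
        "user_hidden_column": run_as(db, session, "user", "SELECT ssn FROM staff_directory"),
        "user_insert": run_as(db, session, "user", "INSERT INTO employee VALUES (4, 'Dee', 'finance', 1, 'x')"),
        "finance_payroll": run_as(db, session, "finance",
                                  "SELECT department, headcount, total_salary FROM payroll_by_department "
                                  "ORDER BY department"),
    }
    # a view stores no copy of the data: changing the base table (as DBA) changes what the view shows
    run_as(db, session, "dba", "UPDATE employee SET department = 'finance' WHERE name = 'Bob'")
    out["user_directory_after_update"] = run_as(db, session, "user", "SELECT name FROM engineering_directory")
    return out
```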


NEW QUESTION 130 
- (Topic 1) 
Which of the following access control models requires security clearance for subjects? 


A. Identity-based access control 
B. Role-based access control 
C. Discretionary access control 
D. Mandatory access control 


Answer: D 


Explanation: 

With mandatory access control (MAC), the authorization of a subject's access to an object is dependent upon labels, which indicate the subject's clearance. 
Identity-based access control is a type of discretionary access control. A role-based access control is a type of non-discretionary access control. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 33). 


NEW QUESTION 135 
- (Topic 1) 
In Discretionary Access Control the subject has authority, within certain limitations, 


A. but he is not permitted to specify what objects can be accessible and so we need to get an independent third party to specify what objects can be accessible. 
B. to specify what objects can be accessible. 

C. to specify on an aggregate basis without understanding what objects can be accessible. 

D. to specify in full detail what objects can be accessible. 


Answer: B 


Explanation: 

With Discretionary Access Control, the subject has authority, within certain limitations, to specify what objects can be accessible. 

For example, access control lists can be used. This type of access control is used in local, dynamic situations where the subjects must have the discretion to 
specify what resources certain users are permitted to access. 

When a user, within certain limitations, has the right to alter the access control to certain objects, this is termed as user-directed discretionary access control. In 
some instances, a hybrid approach is used, which combines the features of user-based and identity-based discretionary access control. 

References: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 

and 

HARRIS, Shon, All-In-One CISSP Certification Exam Guide 5th Edition, McGraw-Hill/Osborne, 2010, Chapter 4: Access Control (page 210-211). 


NEW QUESTION 136 
- (Topic 1) 
Which of the following questions is less likely to help in assessing physical and environmental protection? 


A. Are entry codes changed periodically? 
B. Are appropriate fire suppression and prevention devices installed and working? 
C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? 
D. Is physical access to data transmission lines controlled? 


Answer: C 


Explanation: 

Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical and environmental protection except for the one regarding processes ensuring that unauthorized individuals cannot access information, which is more of a production control.

Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-21 to A-24).


NEW QUESTION 141 
- (Topic 1) 
A timely review of system access audit records would be an example of which of the basic security functions? 


A. avoidance. 
B. deterrence. 
C. prevention. 
D. detection. 


Answer: D 


Explanation: 

By reviewing system logs you can detect events that have occurred. 

The following answers are incorrect: 

avoidance. This is incorrect, avoidance is a distractor. By reviewing system logs you have not avoided anything. 

deterrence. This is incorrect because system logs are a history of past events. You cannot deter something that has already occurred. 
prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred. 


NEW QUESTION 142 

- (Topic 2) 

The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications 
for the system is referred to as? 


A. Confidentiality 
B. Availability 

C. Integrity 

D. Reliability 


Answer: B 


Explanation: 

A company security program must:

1) assure that systems and applications operate effectively and provide appropriate confidentiality, integrity, and availability;

2) protect information commensurate with the level of risk and magnitude of harm resulting from loss, misuse, unauthorized access, or modification.

Availability is the property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them.

The following are incorrect answers: 

Confidentiality - The information requires protection from unauthorized disclosure and only the INTENDED recipient should have access to the meaning of the data 
either in storage or in transit. 

Integrity - The information must be protected from unauthorized, unanticipated, or unintentional modification. This includes, but is not limited to: 

Authenticity ?CA third party must be able to verify that the content of a message has not been changed in transit. 

Non-repudiation ?C The origin or the receipt of a specific message must be verifiable by a third party. 

Accountability - A security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. 

Reference used for this question: 

RFC 2828 

and 

SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (page 5). 


NEW QUESTION 143 
- (Topic 2) 
Which of the following should NOT be performed by an operator? 


A. Implementing the initial program load 
B. Monitoring execution of the system 
C. Data entry 

D. Controlling job flow 


Answer: C 


Explanation: 

Under the principle of separation of duties, an operator should not be performing data entry. This should be left to data entry personnel. 

System operators represent a class of users typically found in data center environments where mainframe systems are used. They provide day-to-day operations of the mainframe environment, ensuring that scheduled jobs are running effectively and troubleshooting problems that may arise. They also act as the arms and legs of the mainframe environment, loading and unloading tapes and the printed results of job runs. Operators have elevated privileges, but less than those of system administrators. If misused, these privileges may be used to circumvent the system's security policy. As such, use of these privileges should be monitored through audit logs. 

Some of the privileges and responsibilities assigned to operators include: 

Implementing the initial program load: This is used to start the operating system. The boot process or initial program load of a system is a critical time for ensuring system security. Interruptions to this process may reduce the integrity of the system or cause the system to crash, precluding its availability. 

Monitoring execution of the system: Operators respond to various events, including errors, interruptions, and job completion messages. 

Volume mounting: This allows the desired application access to the system and its data. 

Controlling job flow: Operators can initiate, pause, or terminate programs. This may allow an operator to affect the scheduling of jobs. Controlling job flow involves the manipulation of configuration information needed by the system. Operators with the ability to control a job or application can cause output to be altered or diverted, which can threaten confidentiality. 

Bypass label processing: This allows the operator to bypass security label information to run foreign tapes (foreign tapes are those from a different data center that would not be using the same label format that the system could run). This privilege should be strictly controlled to prevent unauthorized access. 

Renaming and relabeling resources: This is sometimes necessary in the mainframe environment to allow programs to properly execute. Use of this privilege should be monitored, as it can allow the unauthorized viewing of sensitive information. 

Reassignment of ports and lines: Operators are allowed to reassign ports or lines. If misused, reassignment can cause program errors, such as sending sensitive output to an unsecured location. Furthermore, an incidental port may be opened, subjecting the system to an attack through the creation of a new entry point into the system. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 19367-19395). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 145 
- (Topic 2) 
Which of the following choice is NOT normally part of the questions that would be asked in regards to an organization's information security policy? 


A. Who is involved in establishing the security policy? 

B. Where is the organization's security policy defined? 

C. What are the actions that need to be performed in case of a disaster? 

D. Who is responsible for monitoring compliance to the organization's security policy? 


Answer: C 


Explanation: 

Actions to be performed in case of a disaster are not normally part of an information security policy but part of a Disaster Recovery Plan (DRP). 

Only personnel implicated in the plan should have a copy of the Disaster Recovery Plan whereas everyone should be aware of the contents of the organization's 
information security policy. 

Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Appendix B, Practice-Level Policy Considerations 
(page 398). 


NEW QUESTION 147 
- (Topic 2) 
Which of the following statements pertaining to the security kernel is incorrect? 


A. The security kernel is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept. 

B. The security kernel must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof. 
C. The security kernel must be small enough to be able to be tested and verified in a complete and comprehensive manner. 

D. The security kernel is an access control concept, not an actual physical component. 


Answer: D 


Explanation: 

The reference monitor, not the security kernel, is the access control concept. 

The security kernel is made up of the hardware, software and firmware components that fall within the TCB and implement and enforce the reference monitor concept. The security kernel mediates all access and functions between subjects and objects. The security kernel is the core of the TCB and is the most commonly used approach to building trusted computing systems. 

There are three main requirements of the security kernel: 

- It must provide isolation for the processes carrying out the reference monitor concept, and the processes must be tamperproof. 

- It must be invoked for every access attempt and must be impossible to circumvent. Thus, the security kernel must be implemented in a complete and foolproof way. 

- It must be small enough to be able to be tested and verified in a complete and comprehensive manner. 

The following answers are incorrect: 

The security kernel is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept. Is incorrect because this is the 
definition of the security kernel. 

The security kernel must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof. Is incorrect because this is 
one of the three requirements that make up the security kernel. 

The security kernel must be small enough to be able to be tested and verified in a complete and comprehensive manner. Is incorrect because this is one of the 
three requirements that make up the security kernel. 


NEW QUESTION 149 
- (Topic 2) 
Which software development model is actually a meta-model that incorporates a number of the software development models? 


A. The Waterfall model 

B. The modified Waterfall model 
C. The Spiral model 

D. The Critical Path Model (CPM) 


Answer: C 
Explanation: 


The spiral model is actually a meta-model that incorporates a number of the software development models. This model depicts a spiral that incorporates the various phases of software development. The model states that each cycle of the spiral involves the same series of steps for each part of the project. CPM refers to the Critical Path Method, a project-scheduling technique rather than a software development model. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 246). 


NEW QUESTION 150 
- (Topic 2) 
Which of the following is not appropriate in addressing object reuse? 


A. Degaussing magnetic tapes when they're no longer needed. 

B. Deleting files on disk before reusing the space. 

C. Clearing memory blocks before they are allocated to a program or data. 

D. Clearing buffered pages, documents, or screens from the local memory of a terminal or printer. 


Answer: B 


Explanation: 

Object reuse requirements, applying to systems rated TCSEC C2 and above, are used to protect files, memory, and other objects in a trusted system from being accidentally accessed by users who are not authorized to access them. Deleting a file on disk merely removes its directory entry and marks its blocks as free; it does not clear the data from the disk surface, so the file contents remain recoverable until the blocks are overwritten. All other options involve clearing the used space before it is reused, preventing unauthorized access to the residual data. 

Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page 119). 
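
Added example, not from the cited source: a Python routine that performs the clearing the other three options describe, overwriting a file's blocks in place and verifying the overwrite before the directory entry is removed. It assumes magnetic media and an ordinary filesystem; on SSDs, copy-on-write or journaling filesystems and snapshots the same logical offsets may no longer map to the old physical data, so this is clearing rather than purging, and degaussing (option A) or physical destruction remain the purge options for media leaving the organization. 

```python
import os
import tempfile

def clear_and_delete(path, passes=1, chunk=1 << 20):
    """Overwrite a file's contents in place, force the write to the device,
    verify the read-back, and only then remove the directory entry.
    Returns True when every byte read back after the overwrite was zero.

    Assumption (also stated in the lead-in): this is the 'clearing' step for
    ordinary magnetic media. On SSDs, copy-on-write or journaling filesystems
    and snapshots the overwrite may not reach every physical copy."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(b"\x00" * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())   # push the overwrite out of the page cache
        # Verify before giving up the handle: any non-zero byte means clearing failed.
        f.seek(0)
        remaining = size
        while remaining > 0:
            block = f.read(min(chunk, remaining))
            if not block or any(block):
                return False
            remaining -= len(block)
    os.unlink(path)   # the weak option (B) on its own would do only this step
    return True

def demo():
    """Constructed run: write a sensitive file, clear it, confirm it is gone."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"PAYROLL: alice 123456; bob 654321\n" * 200)
    cleared = clear_and_delete(path)
    return cleared and not os.path.exists(path)

if __name__ == "__main__":
    print("cleared:", demo())
```

The verification read is what distinguishes this from a plain delete: the function refuses to unlink unless it has seen the zeroed contents itself. 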


NEW QUESTION 153 
- (Topic 2) 
When considering an IT System Development Life-cycle, security should be: 


A. Mostly considered during the initiation phase. 

B. Mostly considered during the development phase. 

C. Treated as an integral part of the overall system design. 
D. Added once the design is completed. 


Answer: C 


Explanation: 

Security must be considered in information system design. Experience has shown it is very difficult to implement security measures properly and successfully after 
a system has been developed, so it should be integrated fully into the system life-cycle process. This includes establishing security policies, understanding the 
resulting security requirements, participating in the evaluation of security products, and finally in the engineering, design, implementation, and disposal of the 
system. 

Source: STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for 
Information Technology Security (A Baseline for Achieving Security), June 2001 (page 7). 


NEW QUESTION 155 
- (Topic 2) 
What can best be described as an abstract machine which must mediate all access to subjects to objects? 


A. A security domain 

B. The reference monitor 
C. The security kernel 

D. The security perimeter 


Answer: B 


Explanation: 

The reference monitor is an abstract machine that must mediate all access by subjects to objects, be protected from modification, be verifiable as correct, and always be invoked. The security kernel is the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept. The security perimeter includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted. A security domain is a domain of trust that shares a single security policy and single management. 

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. 


NEW QUESTION 156 
- (Topic 2) 
Which of the following is commonly used for retrofitting multilevel security to a database management system? 


A. trusted front-end. 
B. trusted back-end. 
C. controller. 

D. kernel. 


Answer: A 


Explanation: 

If you are "retrofitting", you are adding to an existing database management system (DBMS). You could go back and redesign the entire DBMS, but that would be expensive and there is no telling what the effect would be on existing applications; that is redesigning, and the question states retrofitting. The most cost-effective way to add a layer of security on top, with the least effect on existing applications, is a trusted front-end: every application request passes through the front-end, which applies the multilevel labels and passes only permitted queries and rows on to the unchanged DBMS behind it. For this to work the back-end must be reachable only through the front-end; a direct connection to the DBMS would bypass the controls entirely. 

The same structure appears in the Clark-Wilson model's access triple (subject, program, object), where subjects reach constrained data only through well-formed transformation procedures; the front-end is that controlled program. This approach has been used to add granular control to databases that provided inadequate controls or none at all, and any dynamic website whose application tier mediates access to a back-end database is an everyday example. 

Such a model would also introduce separation of duties by allowing the subject only specific rights on the objects they need to access. 

The following answers are incorrect: 

trusted back-end. Is incorrect because a trusted back-end would be the database management system (DBMS) itself; since the question states "retrofitting", that eliminates this answer. 

controller. Is incorrect because this is a distractor and has nothing to do with "retrofitting". 

kernel. Is incorrect because this is a distractor and has nothing to do with "retrofitting". A security kernel would provide protection to devices and processes but would be inefficient at protecting rows or columns in a table. 
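
Added example (not from the cited source) of the retrofit the explanation describes, in Python with sqlite3: a legacy table with no labels gets a side table of row labels, and a trusted front-end that holds the only DBMS connection appends the label check to every query it issues. The schema, rows and clearance levels are constructed for the example; the direct_backend_read function shows why the back-end must not be reachable except through the front-end. 

```python
import sqlite3

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def build_legacy_db():
    """Constructed legacy database: the existing schema has no security labels."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER)")
    db.executemany("INSERT INTO employees (name, salary) VALUES (?, ?)",
                   [("alice", 70000), ("bob", 90000), ("carol", 250000)])
    db.commit()
    return db

def retrofit_labels(db):
    """Add labels beside the existing table instead of redesigning it. A row
    with no label entry is treated as top_secret by the front-end (fail closed)."""
    db.execute("CREATE TABLE employees_label (id INTEGER PRIMARY KEY, level INTEGER NOT NULL)")
    db.executemany("INSERT INTO employees_label VALUES (?, ?)",
                   [(1, LEVELS["unclassified"]), (2, LEVELS["confidential"])])
    db.commit()

class TrustedFrontEnd:
    """The only path applications get to the DBMS. It holds the connection
    privately, accepts no raw SQL, and appends the label check to every query."""
    EXPOSED = {"employees": ("id", "name", "salary")}

    def __init__(self, db):
        self.__db = db

    def select(self, subject_clearance, table, columns):
        if table not in self.EXPOSED:
            raise PermissionError(f"table not exposed: {table}")
        bad = [c for c in columns if c not in self.EXPOSED[table]]
        if bad:
            raise PermissionError(f"columns not exposed: {bad}")
        # Identifiers come from the allow-list above, never from the caller
        # verbatim, so splicing them into the statement is safe; values are parameters.
        cols = ", ".join(f"t.{c}" for c in columns)
        sql = (f"SELECT {cols} FROM {table} AS t "
               f"LEFT JOIN {table}_label AS l ON l.id = t.id "
               f"WHERE COALESCE(l.level, ?) <= ? ORDER BY t.id")
        unlabeled_default = max(LEVELS.values())
        return self.__db.execute(sql, (unlabeled_default, LEVELS[subject_clearance])).fetchall()

def direct_backend_read(db):
    """What happens when the back-end is reachable without the front-end:
    the legacy DBMS enforces nothing and every row comes back."""
    return db.execute("SELECT name FROM employees ORDER BY id").fetchall()

if __name__ == "__main__":
    db = build_legacy_db()
    retrofit_labels(db)
    fe = TrustedFrontEnd(db)
    print("confidential user sees:", fe.select("confidential", "employees", ["name"]))
    print("direct DBMS read returns:", direct_backend_read(db))
```

Two design points carry the security argument: the front-end never lets caller-supplied text reach the statement as an identifier, and an unlabeled row defaults to the highest level, so forgetting to label a row hides it rather than exposing it. 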


NEW QUESTION 160 
- (Topic 2) 
Who should DECIDE how a company should approach security and what security measures should be implemented? 


A. Senior management 

B. Data owner 

C. Auditor 

D. The information security specialist 


Answer: A 


Explanation: 

Senior management is ultimately responsible for the security of the organization and the protection of its assets, so it decides the overall approach and which security measures are implemented; the other roles advise, implement or check. 

The following answers are incorrect because: 

Data owner is incorrect, as data owners classify and set requirements for their own data but do not decide the organization's overall security approach. 

Auditor is also incorrect, as an auditor verifies that controls are in place and effective but does not decide which measures should be applied. 

The information security specialist is also incorrect, as they may have the technical knowledge of how security measures should be implemented and configured, but they should not be in a position of deciding what measures should be applied. 

Reference: Shon Harris AIO v3, Chapter 3: Security Management Practices, Page 51. 


NEW QUESTION 163 
- (Topic 2) 
Risk analysis is MOST useful when applied during which phase of the system development process? 


A. Project initiation and Planning 
B. Functional Requirements definition 
C. System Design Specification 
D. Development and Implementation 


Answer: A 


Explanation: 

In most projects the conditions for failure are established at the beginning of the project. Thus risk management should be established at the commencement of the project, with a risk assessment during project initiation. 

As it is clearly stated in the ISC2 book: security should be included in the first phase of development and throughout all of the phases of the system development life cycle. This is a key concept to understand for the purpose of the exam. 

The most useful time to undertake risk analysis is at project initiation, although it is often valuable to update the current risk analysis at later stages. 

Attempting to retrofit security after the SDLC is completed would cost a lot more money and might be impossible in some cases. Look at the family of browsers we use today: for the past 8 years each release has been claimed to be the most secure version ever shipped, and within days vulnerabilities are found. 

Risks should be monitored throughout the SDLC of the project and reassessed when appropriate. 

The phases of the SDLC can vary from one source to another. It could be as simple as Concept, Design, and Implementation. It could also be expanded to include more phases such as this list proposed within the ISC2 Official Study book: 

Project Initiation and Planning 
Functional Requirements Definition 
System Design Specification 
Development and Implementation 
Documentation and Common Program Controls 
Testing and Evaluation Control, Certification and Accreditation (C&A) 
Transition to Production (Implementation) 

And there are two phases that extend beyond the SDLC: 

Operation and Maintenance Support (O&M) 
Revisions and System Replacement (Disposal) 

Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System 
Development, Acquisition, Implementation and Maintenance (page 291). 

and 

The Official ISC2 Guide to the CISSP CBK , Second Edition, Page 182-185 


NEW QUESTION 168 
- (Topic 2) 
Which of the following is responsible for MOST of the security issues? 


A. Outside espionage 
B. Hackers 

C. Personnel 

D. Equipment failure 


Answer: C 


Explanation: 

Personnel cause more security issues than hacker attacks, outside espionage, or equipment failure. 

The following answers are incorrect because: 

Outside espionage is incorrect as it is not the best answer. Hackers is also incorrect as it is not the best answer. Equipment failure is also incorrect as it is not the 
best answer. 

Reference: Shon Harris AIO v3, Chapter 3: Security Management Practices, Page 56 


NEW QUESTION 170 
- (Topic 2) 
Which of the following security mode of operation does NOT require all users to have the clearance for all information processed on the system? 
A. Compartmented security mode 
B. Multilevel security mode 

C. System-high security mode 

D. Dedicated security mode 


Answer: B 


Explanation: 

The multilevel security mode permits two or more classification levels of information to be processed at the same time when not all users have the clearance or formal approval to access all the information being processed by the system. 

In dedicated security mode, all users have the clearance or authorization and need-to-know for all data processed within the system. 

In system-high security mode, all users have a security clearance or authorization to access the information, but not necessarily a need-to-know for all the information processed on the system (only some of the data). 

In compartmented security mode, all users have the clearance to access all the information processed by the system, but might not have the need-to-know and formal access approval for all of it. 

Generally, Security modes refer to information systems security modes of operations used in mandatory access control (MAC) systems. Often, these systems 
contain information at various levels of security classification. 

The mode of operation is determined by: 

The type of users who will be directly or indirectly accessing the system. 

The type of data, including classification levels, compartments, and categories, that are processed on the system. 

The type of levels of users, their need to know, and formal access approvals that the users will have. 

Dedicated security mode 

In this mode of operation, all users must have: 
- Signed NDA for ALL information on the system. 
- Proper clearance for ALL information on the system. 
- Formal access approval for ALL information on the system. 
- A valid need to know for ALL information on the system. 

All users can access ALL data. 

System high security mode 

In this mode of operation, all users must have: 
- Signed NDA for ALL information on the system. 
- Proper clearance for ALL information on the system. 
- Formal access approval for ALL information on the system. 
- A valid need to know for SOME information on the system. 

All users can access SOME data, based on their need to know. 

Compartmented security mode 

In this mode of operation, all users must have: 
- Signed NDA for ALL information on the system. 
- Proper clearance for ALL information on the system. 
- Formal access approval for SOME information they will access on the system. 
- A valid need to know for SOME information on the system. 

All users can access SOME data, based on their need to know and formal access approval. 

Multilevel security mode 

In this mode of operation, all users must have: 
- Signed NDA for ALL information on the system. 
- Proper clearance for SOME information on the system. 
- Formal access approval for SOME information on the system. 
- A valid need to know for SOME information on the system. 

All users can access SOME data, based on their need to know, clearance and formal access approval. 

REFERENCES: 

WALLHOFF, John, CBK#6 Security Architecture and Models (CISSP Study Guide), April 2002 (page 6). 

and http://en.wikipedia.org/wiki/Security_Modes 
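
The four mode definitions above can be applied mechanically. The following Python (an added example, not from the cited references) encodes them as a function that returns the mode of operation a given population of users and set of data items requires, checking the conditions from most to least restrictive, plus a function that lists what a single user may actually access. The clearance levels, compartment name, data items and users are constructed for the example. 

```python
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class DataItem:
    name: str
    level: str
    compartments: frozenset = frozenset()   # compartments needing formal access approval

@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    signed_nda: bool
    formal_approvals: frozenset = frozenset()   # compartments the user is approved for
    need_to_know: frozenset = frozenset()       # names of items the user needs

def cleared(user, item):
    return LEVELS[user.clearance] >= LEVELS[item.level]

def formally_approved(user, item):
    return item.compartments <= user.formal_approvals

def has_need_to_know(user, item):
    return item.name in user.need_to_know

def required_mode(users, items):
    """Mode a user population and data set require, applying the four
    definitions from most to least restrictive. Every mode requires a signed
    NDA for all information, so that is checked first."""
    missing_nda = [u.name for u in users if not u.signed_nda]
    if missing_nda:
        raise ValueError(f"no signed NDA: {missing_nda}")
    pairs = [(u, d) for u in users for d in items]
    if not all(cleared(u, d) for u, d in pairs):
        return "multilevel"        # clearance for only SOME information
    if not all(formally_approved(u, d) for u, d in pairs):
        return "compartmented"     # cleared for all, formally approved for SOME
    if not all(has_need_to_know(u, d) for u, d in pairs):
        return "system-high"       # cleared and approved for all, need to know for SOME
    return "dedicated"             # everything for everyone

def accessible(user, items):
    """What one user may actually touch: all three conditions must hold."""
    return {d.name for d in items
            if cleared(user, d) and formally_approved(user, d) and has_need_to_know(user, d)}

# Constructed population used by the demonstration and the tests.
ITEMS = [DataItem("war_plan", "secret", frozenset({"NOFORN"})),
         DataItem("budget", "secret")]
ALICE = User("alice", "secret", True, frozenset({"NOFORN"}), frozenset({"war_plan", "budget"}))
BOB   = User("bob",   "secret", True, frozenset({"NOFORN"}), frozenset({"budget"}))
CAROL = User("carol", "secret", True, frozenset(),           frozenset({"budget"}))
DAVE  = User("dave",  "confidential", True, frozenset(),     frozenset({"budget"}))

if __name__ == "__main__":
    for population in ([ALICE], [ALICE, BOB], [ALICE, BOB, CAROL], [ALICE, BOB, CAROL, DAVE]):
        print([u.name for u in population], "->", required_mode(population, ITEMS))
```

Adding one user at a time walks the system down the list: alice alone is dedicated, bob (no need to know for the plan) forces system high, carol (no NOFORN approval) forces compartmented, and dave (confidential clearance on a secret system) forces multilevel, which is exactly why the question's answer is the only mode that tolerates users without clearance for everything. 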


NEW QUESTION 175 
- (Topic 2) 
Which of the following is NOT an example of an operational control? 


A. backup and recovery 
B. Auditing 

C. contingency planning 
D. operations procedures 


Answer: B 


Explanation: 

Operational controls are controls over the hardware, the media used and the operators using these resources. 

Operational controls are controls that are implemented and executed by people, they are most often procedures. 

Backup and recovery, contingency planning and operations procedures are operational controls. 

Auditing is considered an administrative/detective control. However, the actual auditing mechanisms in place on the systems would be considered operational controls. 


NEW QUESTION 177 

- (Topic 2) 

A Security Kernel is defined as a strict implementation of a reference monitor mechanism responsible for enforcing a security policy. To be secure, the kernel must 
meet three basic conditions, what are they? 


A. Confidentiality, Integrity, and Availability 
B. Policy, mechanism, and assurance 

C. Isolation, layering, and abstraction 

D. Completeness, Isolation, and Verifiability 


Answer: D 


Explanation: 

A security kernel is responsible for enforcing a security policy. It is a strict implementation of a reference monitor mechanism. The architecture of a kernel 
operating system is typically layered, and the kernel should be at the lowest and most primitive level. 

It is a small portion of the operating system through which all references to information and all changes to authorizations must pass. In theory, the kernel 
implements access control and information flow control between implemented objects according to the security policy. 

To be secure, the kernel must meet three basic conditions: completeness (all accesses to information must go through the kernel), 

isolation (the kernel itself must be protected from any type of unauthorized access), 

and verifiability (the kernel must be proven to meet design specifications). 
The reference monitor, as noted previously, is an abstraction, but there may be a reference validator, which usually runs inside the security kernel and is responsible for performing security access checks on objects, manipulating privileges, and generating any resulting security audit messages. 

A term associated with security kernels and the reference monitor is the trusted computing base (TCB). The TCB is the portion of a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects. The security capabilities of products for use in the TCB can be verified through various evaluation criteria, such as the earlier Trusted Computer System Evaluation Criteria (TCSEC) and the current Common Criteria standard. Many of these security terms (reference monitor, security kernel, TCB) are defined loosely by vendors for purposes of marketing literature. Thus, it is necessary for security professionals to read the small print and between the lines to fully understand what the vendor is offering in regard to security features. 

TIP FOR THE EXAM: 

The terms Security Kernel and Reference Monitor describe the same idea at different levels. As it was explained by Diego: 

While the Reference Monitor is the concept, the Security Kernel is the implementation of that concept (via hardware, software and firmware means). 

The two terms refer to the same thing, but on different levels: one is conceptual, one is "technical". 

The following are incorrect answers: 

Confidentiality, Integrity, and Availability 
Policy, mechanism, and assurance 
Isolation, layering, and abstraction 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 13858-13875). Auerbach 
Publications. Kindle Edition. 
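
Added example serving questions 147, 155 and 177 (not from the cited source): a Python sketch of a security kernel exhibiting the three conditions, completeness (one access entry point that decides, records, and only then acts), isolation (objects and subject labels held privately and never handed out) and verifiability (a policy small enough to check exhaustively, which verify_policy does over the whole label set). The confidentiality policy, labels, subjects and objects are constructed for the example, and Python name mangling only stands in for the hardware isolation a real TCB relies on. 

```python
LEVELS = {"public": 0, "internal": 1, "secret": 2}

class _Object:
    """A protected resource. Instances exist only inside the kernel; nothing
    outside ever receives a reference to one (the isolation condition)."""
    def __init__(self, name, level, data):
        self.name, self.level, self.data = name, level, data

class SecurityKernel:
    """Single entry point through which every access must pass (completeness),
    holding its state privately (isolation), with a policy that is a small pure
    function that can be checked exhaustively (verifiability). In a real TCB
    isolation comes from hardware (privilege rings, MMU); name mangling here
    only illustrates the idea."""

    def __init__(self):
        self.__objects = {}
        self.__subjects = {}
        self.audit = []   # every decision, granted or denied, is recorded

    def create_object(self, name, level, data):
        self.__objects[name] = _Object(name, LEVELS[level], data)

    def register_subject(self, name, clearance):
        self.__subjects[name] = LEVELS[clearance]

    @staticmethod
    def policy(subject_level, object_level, op):
        """Sample confidentiality policy: read at or below the subject's level,
        write at or above it, so data never flows to a lower level. Any
        operation the policy does not know is denied."""
        if op == "read":
            return subject_level >= object_level
        if op == "write":
            return subject_level <= object_level
        return False

    def access(self, subject, obj_name, op, value=None):
        """The reference-validation step: decide, record, then (and only then) act."""
        s_level = self.__subjects.get(subject)
        obj = self.__objects.get(obj_name)
        allowed = s_level is not None and obj is not None and self.policy(s_level, obj.level, op)
        self.audit.append((subject, op, obj_name, "GRANT" if allowed else "DENY"))
        if not allowed:
            raise PermissionError(f"{subject}: {op} {obj_name} denied")
        if op == "read":
            return obj.data          # the data is returned, never the object itself
        obj.data = value
        return None

def verify_policy():
    """Exhaustive check over the whole label set: a read never returns data above
    the subject's level, a write never pushes data below it, and unknown
    operations are refused. Small enough to enumerate, which is the point of
    keeping the kernel small."""
    levels = list(LEVELS.values())
    for s in levels:
        for o in levels:
            if SecurityKernel.policy(s, o, "read") and o > s:
                return False
            if SecurityKernel.policy(s, o, "write") and o < s:
                return False
            if SecurityKernel.policy(s, o, "execute"):
                return False
    return True

def build_demo_kernel():
    """Constructed subjects and objects for the demonstration."""
    k = SecurityKernel()
    k.create_object("staff_list", "internal", "alice, bob")
    k.create_object("merger_plan", "secret", "acquire X in Q3")
    k.register_subject("analyst", "secret")
    k.register_subject("intern", "public")
    return k

if __name__ == "__main__":
    k = build_demo_kernel()
    print(k.access("analyst", "merger_plan", "read"))
    try:
        k.access("intern", "merger_plan", "read")
    except PermissionError as e:
        print(e)
    print("policy verified:", verify_policy(), "audit:", k.audit)
```

Note the ordering inside access: the audit record is written before the operation is performed and regardless of outcome, so a denied attempt leaves the same trail as a granted one, which is what the reference validator's "generating any resulting security audit messages" duty requires. 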


NEW QUESTION 182 
- (Topic 2) 
What is called the formal acceptance of the adequacy of a system's overall security by the management? 


A. Certification 
B. Acceptance 
C. Accreditation 
D. Evaluation 


Answer: C 


Explanation: 

Accreditation is the formal authorization by management to implement software or systems in a production environment, accepting the residual risk. This authorization may be either provisional or full. 

The following are incorrect answers: 

Certification is incorrect. Certification is the process of evaluating the security stance of the software or system against a selected set of standards or policies. Certification is the technical evaluation of a product. It normally precedes accreditation and informs management's decision, but it is not itself that decision. 

Acceptance is incorrect. This term is sometimes used as the recognition that a piece of software or system has met a set of functional or service level criteria (the new payroll system has passed its acceptance test). Certification is the better term in this context. 

Evaluation is incorrect. Evaluation is certainly a part of the certification process but it is not the best answer to the question. 

Reference(s) used for this question: 

The Official Study Guide to the CBK from ISC2, pages 559-560 

AIO3, pp. 314-317 

AIOv4 Security Architecture and Design (pages 369-372) 
AIOv5 Security Architecture and Design (pages 370-372) 


NEW QUESTION 186 
- (Topic 2) 
One of these statements about the key elements of a good configuration process is NOT true 


A. Accommodate the reuse of proven standards and best practices 

B. Ensure that all requirements remain clear, concise, and valid 

C. Control modifications to system hardware in order to prevent resource changes 

D. Ensure changes, standards, and requirements are communicated promptly and precisely 


Answer: C 


Explanation: 

Configuration management isn't about preventing change but ensuring the integrity of IT resources by preventing unauthorised or improper changes. 

According to the Official ISC2 guide to the CISSP exam, a good CM process is one that can: 

(1) accommodate change; 

(2) accommodate the reuse of proven standards and best practices; 

(3) ensure that all requirements remain clear, concise, and valid; 

(4) ensure changes, standards, and requirements are communicated promptly and precisely; and 

(5) ensure that the results conform to each instance of the product. 

Configuration management 

Configuration management (CM) is the detailed recording and updating of information that describes an enterprise's computer systems and networks, including all hardware and software components. Such information typically includes the versions and updates that have been applied to installed software packages and the locations and network addresses of hardware devices. Special configuration management software is available. When a system needs a hardware or software upgrade, a computer technician can access the configuration management program and database to see what is currently installed. The technician can then make a more informed decision about the upgrade needed. 

An advantage of a configuration management application is that the entire collection of systems can be reviewed to make sure any changes made to one system do not adversely affect any of the other systems. 

Configuration management is also used in software development, where it is called software configuration management (SCM); IBM Rational's Unified Change Management (UCM) is one product-specific implementation of it. Using such tooling, developers can keep track of the source code, documentation, problems, changes requested, and changes made. 

Change management 

In a computer system environment, change management refers to a systematic approach to requesting, reviewing, approving and recording changes to a system (for example, which operating system release is running on each computer and which fixes have been applied), so that the configuration records stay accurate and unauthorized or improper changes are caught. 


NEW QUESTION 191 

- (Topic 2) 

Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security 
requirements? 


A. Validation 
B. Verification 
C. Assessment 
D. Accuracy 


Answer: B 


Explanation: 

Verification vs. Validation: 

Verification determines if the product accurately represents and meets the specifications. A product can be developed that does not match the original specifications. This step ensures that the specifications are properly met. 

Validation determines if the product provides the necessary solution to the intended real-world problem. In large projects, it is easy to lose sight of the overall goal. This exercise ensures that the main goal of the project is met. 

From DITSCAP: 

6.3.2. Phase 2, Verification. The Verification phase shall include activities to verify compliance of the system with previously agreed security requirements. For each life-cycle development activity, DoD Directive 5000.1 (reference (i)), there is a corresponding set of security activities, enclosure 3, that shall verify compliance with the security requirements and evaluate vulnerabilities. 

6.3.3. Phase 3, Validation. The Validation phase shall include activities to evaluate the fully integrated system to validate system operation in a specified computing environment with an acceptable level of residual risk. Validation shall culminate in an approval to operate. 

You must also be familiar with Verification and Validation for the purpose of the exam. A simple definition for Verification would be whether or not the developers followed the design specifications along with the security requirements. A simple definition for Validation would be whether or not the final product meets the end user needs and can be used for a specific purpose. 

Wikipedia has an informal description that is currently written as: Validation can be expressed by the query "Are you building the right thing?" and Verification by "Are you building it right?" 

NOTE: 

DITSCAP was replaced by DIACAP some time ago (2007). While DITSCAP had defined both a verification and a validation phase, DIACAP only has a validation phase. It may not make a difference in the answer for the exam; however, DIACAP became the cornerstone policy of DoD C&A and IA efforts, and was itself superseded in 2014 by the DoD Risk Management Framework (DoDI 8510.01), which replaces the certification and accreditation vocabulary with assessment and authorization. Be familiar with all of these terms in case the exam is updated. 

Reference(s) used for this question: 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1106). McGraw-Hill. Kindle Edition. 

http://iase.disa.mil/ditscap/DITSCAP.html 
https://en.wikipedia.org/wiki/Verification_and_validation 


NEW QUESTION 195 